SSH keys are a great way of authenticating against remote servers. This article will walk you through setting up keys for use with PuTTY, Terminal (Mac OS, Linux) and adding them to your server.

Generate public and private key pair for PuTTY

If you are using Linux or Mac OS feel free to skip this section.

To use SSH keys with PuTTY you will need to get your hands on a copy of PuTTYgen. If you've downloaded an installer of PuTTY this should already be installed. Alternatively, you can download PuTTYgen portable from the official PuTTY website.

Open up the program and you should be greeted with the following screen:

Make sure Type of key to generate is set to RSA, then click Generate to begin the creation process. You will be asked to move the Mouse around the empty space in the window to generate some random data.

Once the process is done you can optinally input a passphrase, which will be used as a form of additional security (in case your private key gets compromised). This is not necessary and you can ignore warnings when exporting the keys later.

Save both the public and private key with relevant buttons.

Add the key to your PuTTY session

Open PuTTY and load your desired saved session. Then, navigate to Connection > SSH > Auth and click Browse under "Private key file for authentication". Find your previously saved Private Key (not the public key!).

Then, go back to Session and click Save to save your key in the session. Skip the section below to learn how to place your key on the server to allow it to authenticate.

Generate public and private key on Linux, Mac OS

Open the Terminal app and type the below command:

ssh-keygen -t rsa

Afterward, hit Enter to confirm defaults for every input you are asked for. Alternatively you can use custom paths to your keys if you'd like. You can also use a passphrase, however, it is not necessary. The passphrase offers additional security if your SSH key was to be compromised.

The output should be something like this:

[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/
The key fingerprint is:
SHA256:T+Inj7aLJICxJS54bglO33hE1ojH9gcyKNkN/yUJcQg [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|   E.oo.         |
|  o B.= .        |
|oo.+ % = .       |
|o*. = = +        |
|*oo  . oS..      |
|++.o+  ..+       |
| .+o.o. o o      |
| .  .o ..=       |
|      ..+o.      |

Your SSH key will now be by default used in all new sessions automatically. Keep reading to learn how to tell the server to accept your key.

Prepare your server environment to accept the key

Login to your server as you would otherwise. You will need to make sure the directory ~/.ssh/ exists. To do this, run the below mkdir command:

mkdir -p ~/.ssh/

Install the SSH key (Windows)

You will need to add your Public Key to the file ~/.ssh/authorized_keys. You can do it using Nano or a different editor on the server. If you are not sure how to use Nano or you do not have installed please follow this article to learn how to set it up.

Run the below command to open the file in Nano:

nano ~/.ssh/authorized_keys

In a separate window on your PC, open the Public Key file in a simple text editor such as Notepad and carefully follow below directions:

1. Edit the file so that these lines are removed:

  • "---- BEGIN SSH2 PUBLIC KEY ----"
  • The line starting with "Comment:"
  • "---- END SSH2 PUBLIC KEY ----"

2. Edit the remaining lines so that all the text is in one line.
3. Add "ssh-rsa" with a space before the text edited previously. Keep the text on one line.

You should end up with text that looks like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsioB5KaM5Yrv7fGs8dCrdbd3DugweveajTcQJU58uUod3uXFB0Wy5EbyIi2RtNos1X5LpyEK+Mbibd4EnQ8+ldtTrnbr1ZP43dfqNDkV9stjSmzSXjf2yBWm090cQKog4kPY1DbQHoTpSAVUVKBg6b6SWeKxt8x9IEp2YyreQVlYDkB8ZRHN18+LvdJ7CRGiJeSDwN0fdicLSAaEREJlhuvyN5Xz6H2HW6PGk/9PKm++AJGnWMNuWNVjK3g3zYtdIkhtPiXP2lXXCq06EEwiSh9A8EUmS+oj8nz/6MiPhifcFL7bBUrJvCt+bdMfL1issuQB20qkEG7KZxcG8ScRvQ==

If you see any content in the file already, press END on your keyboard and then Enter to create a new line. The existing Key on the server might be for our support team.

Copy and paste the text in to the PuTTY window with Nano open. To paste the text, right click any area inside the PuTTY window.

You should end up with a window similar to this:

Next, press CTRL + X to tell Nano to exit, and then press the y key to confirm changes and then press Enter to confirm file name.

That's it! Next time you login to the server with PuTTY, your SSH key will be used instead of a password. For a bonus security tweak please scroll down below the next section.

Important: If you are using a SElinux backed system on your VPS such as CentOS, Fedora or Red Hat Enterprise Linux, please use the below command (on the server) to update SElinux with your changes:

restorecon -Rv ~/.ssh/

Alternatively, disable SElinux following this article.

Install the SSH key (Linux, Mac OS)

Type the following in the Terminal to connect to your server and automatically set up the key: (replacing IP_ADDRESS with your server's IP address)

ssh-copy-id [email protected]_ADDRESS

You will be asked for a password, and once it is typed in your key will be automatically placed on the server. Future authentication attempts should use the key.

Important: If you are using a SElinux backed system on your VPS such as CentOS, Fedora or Red Hat Enterprise Linux, please use the below command (on the server) to update SElinux with your changes:

restorecon -Rv ~/.ssh/

Alternatively, disable SElinux following this article.

Bonus SSHD tweak: Disable Password Authentication

Please see this article to learn how to disable password authentication to better protect your server.

Need help?