Create keyfiles using PuTTYGEN


Public key authentication is a secure method of logging in to an SSH Server. If the SSH Server is configured to only allow keyfile based login then a public and private key pair must be used to login successfully. The public key should be copied to the server and the private key should be used on the client PC. Using an encrypted passphrase when creating the private key file is recommended as this adds another layer of security. Without a passphrase anyone with access to the private key file can access the SSH Server.

Although it is possible to generate key file pairs using CopSSH (or OpenSSH for Windows) the private key generated using these applications is not compatible with PuTTY, the SSH Client used in this guide. PuTTYgen can therefore be used to generate public and private key pairs.

  1. Start putty.exe and ensure that the Type of key to generate: is set as SSH-2 RSA. Also ensure that the Number of bits in a generated key: is set to at least 2048 (4096 recommended). Once these settings have been entered click on the Generate button -

  2. When prompted to Please generate some randomness by moving the mouse over the blank area move the mouse over the area highlighted in the screenshot below -

  3. Once the key has been generated you should see a screenshot similar to the one below. To create a public key (used on the server) highlight the text in the Public key for pasting into OpenSSH authorized_keys file: box and copy it by pressing the [Ctrl] + [C] keys -

  4. Open notepad and paste the text copied in the preceding step by pressing the [Ctrl] + [V] keys, then save the file as C:\Program Files\ICW\home\User_Account\.ssh\authorized_keys if using CopSSH (where User_Account is the name of the account activated when CopSSH was installed). If using OpenSSH for Windows save the file as C:\Program Files\OpenSSH\etc\authorized_keys. Note - irrespective of which OpenSSH Server is used the file must be saved as Authorized_keys without a file extension.
  5. Edit the Key comment: entry if required and enter (and Confirm) a Key passphrase: to ensure that an encrypted passphrase is required during log on to the SSH Server -

  6. Click on the Save private key button and save the file for use on the client PC (the file will be saved with a .ppk file extension) -