Content
SSH key authentication in PuTTY
Introduction
In this guide, you will learn how to set up SSH key-based authentication using PuTTY, a popular SSH client for Windows. By using key-based authentication instead of password-based authentication, you can enhance the security of your SSH connection. Key-based authentication ensures that only those with the corresponding private key can log in, providing a more secure and reliable method of authentication.
This guide covers the process of setting up SSH key authentication using PuTTY and a client application.
Important Security Warning: The private key must be kept strictly confidential. Never share it with third parties, store it on unsecured devices, or use it without a passphrase for added protection. If the key is compromised, immediately generate a new key pair and update the authorized_keys
file on the server.
1) Generating Keys
PuTTYgen is a tool from the PuTTY suite, primarily for Windows, designed to generate SSH key pairs and convert key formats. Its main function is to create pairs of public and private keys, which can be stored in the .ppk
format (specific to PuTTY). Additionally, PuTTYgen can convert keys between formats, ensuring compatibility with various SSH clients and servers, such as OpenSSH.
PuTTYgen generates key pairs consisting of a public key, which can be shared, and a private key, which must remain confidential. The public key is used for authentication when connecting to remote servers.
The .ppk
format is specific to PuTTY, but PuTTYgen can convert keys to other formats, such as OpenSSH.
Alternative: Generating Keys in PuTTYgen
You can generate keys directly in PuTTYgen on a Windows machine without using a Linux server. To do this:
- Open PuTTYgen.
- Select the key type (e.g., RSA or EdDSA) and size (2048 bits or higher is recommended).
- Click Generate and move the mouse to generate entropy.
- Save the public key (copy the text from the "Public key for pasting into OpenSSH authorized_keys file" field) and the private key as a
.ppk
file. - Add the public key to the
~/.ssh/authorized_keys
file on the server (see below).
However, in this guide, we will focus on generating keys on a Linux server using ssh-keygen
and then converting them for use with PuTTY.
Prerequisites
Before starting, ensure you have the following components:
- PuTTY and PuTTYgen — Download from the official website. PuTTYgen is included in the PuTTY suite.
- Linux Server with OpenSSH installed (typically pre-installed on most distributions).
- SSH Access to the Server with a password (for initial key setup).
- Optional: A passphrase to protect the keys (recommended for enhanced security).
Verifying Server Configuration
Before generating keys, ensure that key-based authentication is enabled on the server. Open the /etc/ssh/sshd_config
file (with root privileges):
sudo nano /etc/ssh/sshd_config
Ensure the line PubkeyAuthentication yes
is present and not commented out. If changes are made, save the file and restart the SSH service:
sudo systemctl restart sshd
(In some distributions: sudo service ssh restart
.)
Step-by-Step Guide to Generating Keys in Linux
Connect to the server via SSH with a password (using PuTTY or another client) and perform the following steps as the user you want to authenticate (preferably not root for security; use sudo
if needed).
Run the ssh-keygen
utility. It will prompt you to specify where to save the keys (default is ~/.ssh/id_rsa
) and to set a passphrase (recommended for added security; press Enter to skip).
ssh-keygen -t rsa -b 2048
(Optional: Use -t ed25519
for a more modern algorithm.)
You now have two files in the ~/.ssh
directory:
id_rsa
— the private key.id_rsa.pub
— the public key.
View the keys (optional, for verification):
cat ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub
Navigate to the ~/.ssh
directory (if not already there):
cd ~/.ssh
Add the public key to the authorized_keys
file (use >>
to avoid overwriting existing content):
cat id_rsa.pub >> authorized_keys
Set the correct permissions (critical for SSH functionality):
chmod 700 ~/.ssh
chmod 600 id_rsa
chmod 600 authorized_keys
After these steps, the server is ready to accept key-based connections. Restart the SSH service if you modified the configuration:
sudo systemctl restart sshd
2) Converting the Key and Authenticating with PuTTY
Now, transfer the private key (id_rsa
) from the server to your local Windows machine and convert it to the .ppk
format for PuTTY.
Transferring the Key to the Local Machine
Use scp
(from the PuTTY suite — pscp.exe
) or another secure method. Example with pscp
(run in the Windows Command Prompt):
pscp user@server_ip:~/.ssh/id_rsa C:\path\to\local\id_rsa
(Replace user@server_ip
with your details and C:\path\to\local
with the local path.)
Warning: Never transfer the key over unsecured channels (e.g., email). Use encrypted methods.
Converting to .ppk Format with PuTTYgen
Open PuTTYgen on Windows.

Click Load and select the id_rsa
file (PuTTYgen supports the OpenSSH format).

If the key is passphrase-protected, enter the passphrase.

After loading, click Save private key and save the file as a .ppk
file (e.g., mykey.ppk
). Agree to save without a passphrase if you don’t want an additional one (though a passphrase is recommended).
Configuring PuTTY to Use the Key
Open PuTTY.
In the main window, specify the server’s IP address, port (usually 22), and SSH connection type.
Navigate to Connection → SSH → Auth → Credentials.
In the Private key file for authentication field, specify the path to the .ppk
file.

Optional: For auto-login, go to Connection → Data and enter the username (e.g., root
or your user) in the Auto-login username field.
Save the session for convenience and connect.
Upon connection, if the key is passphrase-protected, PuTTY will prompt for the passphrase. If everything is set up correctly, you will log in without entering the server’s password.
Tip: For managing multiple keys, use PuTTY Pageant (a key agent from the PuTTY suite). Load the .ppk
file into Pageant, and PuTTY will use it automatically.
Conclusion
By setting up SSH key authentication with PuTTY and a Linux server, you establish a more secure and reliable connection. Using SSH keys eliminates the need to enter passwords, reducing the risk of brute-force attacks and interception. Follow the steps in this guide to configure SSH key authentication with PuTTY and enjoy the benefits.
Additional Tips: Regularly update your keys, monitor server logs (/var/log/auth.log
), and disable password authentication in sshd_config
(PasswordAuthentication no
) if keys are the only login method. If issues arise, verify file permissions and server configuration.