SSH Key-Based Authentication with PuTTY
This tutorial is continuation from our previous article SSH Connection with PuTTY.
In the previous article we used PuTTy to create SSH connection with our hosting using only hosting credentials. We also used PyTTy to automatically submit our cPanel username during the login process.
Start PuTTY, click on the custom session name and click Load button – you must see the correct IP address and Port.
Click on Connection > Data to check if your cPanel username is in the Auto-login username field.
If not – read the previous article first and then come back here.
If yes, let's go ahead.
Download PuTTYgen and Pageant
For this second part you'll need two more tools from PyTTY family – PuTTYgen and Pageant. You can download them from the same URL and if in doubt on which version to download use 32-bit:
Make sure the value in the bottom right corner is no less than 2048 bit and click Generate button. Move your mouse over the blank area according to screen instructions.
The key is generated and from here we can go in three different directions:
- To use the key without passphrase – less secure but password less way to login
- Use passphrase – secure, but you have to enter it with every single login
- Use passphrase and let Pageant to supply the password – you will only have to enter it once if the Pageant has stopped working.
Let's go through all scenarios.
Use the key without passphrase
Leave Key passphrase and Confirm passphrase fields empty and click Save private key button.
Confirm saving without passphrase:
Save the key as
private.pkk file (you can choose any name).
Now start PuTTy and login with your hosting credentials.
We are going to create special named directory and file to hold our public key.
Execute all four commands:
mkdir ~/.ssh chmod 0700 ~/.ssh touch ~/.ssh/authorized_keys chmod 0644 ~/.ssh/authorized_keys
In PuTTYgen select and copy the public key:
In the terminal (PuTTy) open authorized_keys file and paste in it the public key (right click in the terminal):
and make sure the whole public key code is on one row:
Otherwise you are going to get an error:
Click CTRL+O then click Enter to save the file.
Click CTRO+X to close it.
Close PuTTy (exit > Enter).
Start PuTTY in a new session and go to Connection > SSH > Auth:
Click Browse and navigate to your .ppk (private key file).
Click Session (at the top of the left menu to return to the main screen).
Select session name and click Save:
Double click on the session name or select it and click Open:
You are logged in without supplying any password:
Use the key with passphrase
If you have closed PuTTYgen start it again, click Load and open the previously saved .ppk file.
Fill in Key passphrase and Confirm passphrase fields and click Save private key button.
Confirm overwriting the existing file.
Start PuTTY in a new session, double click on the session name and you'll be prompted to enter passphrase:
Let Pageant supply the passphrase
Start Pageant – it works as a background process and can be accessed from the taskbar.
Right click on the icon and select Add Key:
Enter the passphrase and click OK:
Start PuTTY in a new session, double click on the session name and you are logged in instantly:
Looks like the perfect solution.
But let's stop Pageant to see what will happen. Right click on Pageant icon in the taskbar and select Exit:
Start PuTTY in a new session – passphrase is needed:
Start Pageant, right click on the icon and select View Keys:
Click Add Key button:
Enter passphrase and click OK:
The passphrase is stored until next Pageant stop. Start PuTTy for the last time in this tutorial:
Though the passwordless method looks very tempting – set it and forget it, we recommend you to use the last option with passphrase protected key, delivered by Pageant upon each login.