
SSH - PuTTYgen


This article will take you through generating RSA keys using PuTTYgen on Windows for secure SSH authentication with OpenSSH.

 


Introduction

One effective way of securing SSH access to your Cloud Server is to use a public/private key pair. The 'public' key is placed on the server and the 'private' key stays on your local workstation. This makes it impossible for someone to log in using just a password, provided you have set up SSH to deny password-based authentication (which you can learn how to do in this article about SSH).

Generate Keys

PuTTYgen

On Windows, we will use PuTTYgen to generate the public and private keys. You can download PuTTYgen from its official website (it might also have been installed with PuTTY or WinSCP). Launch the program, then click the Generate button, as seen below. PuTTYgen generates the key pair for you. All you need to do now is save the public and private keys by clicking the corresponding save buttons.

puttygen.jpg

Open up your public key, copy it to the clipboard (ctrl+a, ctrl+c) and paste it at the very end of ~/.ssh/authorized_keys on your Cloud Server. If that file doesn't already exist, you will have to create it (nano ~/.ssh/authorized_keys).
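sshd expects each authorized_keys entry on a single line in the form `type base64 [comment]`, while the file written by PuTTYgen's "Save public key" button uses the multi-line RFC 4716 layout. The following is an added example, not part of the original article: it converts that file to the one-line form and checks a line for damage. The function names and the sample key are constructed for illustration, and entries with leading options are not handled.

```python
import base64

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def blob_fields(blob):
    """Split an SSH key blob into its length-prefixed fields; reject truncation."""
    out, pos = [], 0
    while pos < len(blob) or not out:     # "or not out" also rejects an empty blob
        n = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + n]
        if pos + 4 > len(blob) or len(field) != n:
            raise ValueError("truncated key blob")
        out.append(field)
        pos += 4 + n
    return out

def rfc4716_to_openssh(text):
    """Turn a 'Save public key' file (RFC 4716) into one authorized_keys line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    comment, b64, continued = "", "", False
    for line in lines[1:-1]:
        if continued or ":" in line:      # header line; a trailing "\" continues it
            if line.lower().startswith("comment:"):
                comment = line.split(":", 1)[1].strip().strip('"')
            continued = line.endswith("\\")
        else:
            b64 += line
    key_type = blob_fields(base64.b64decode(b64, validate=True))[0].decode("ascii")
    return " ".join(filter(None, [key_type, b64, comment]))

def check_entry(line):
    """Problems with one option-less authorized_keys line: 'type base64 [comment]'."""
    if line.startswith(("---- BEGIN", "-----BEGIN", "PuTTY-User-Key-File")):
        return ["key file export or private key pasted, not the OpenSSH one-line form"]
    parts = line.split()
    try:
        kind = blob_fields(base64.b64decode(parts[1], validate=True))[0]
    except (IndexError, ValueError):
        return ["key blob missing or damaged (wrapped line, lost characters)"]
    return [] if kind == parts[0].encode() else ["key type does not match the key blob"]

# Constructed sample, not a real key: ssh-rsa blob with e=37 and a dummy modulus.
_PARTS = (b"ssh-rsa", b"\x25", b"\x00" + b"\xc3" * 128)
_B64 = base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in _PARTS)).decode()
SAMPLE_FILE = "\n".join([BEGIN, 'Comment: "rsa-key-20130101"',
                         *(_B64[i:i + 64] for i in range(0, len(_B64), 64)), END])
```

Walking every length-prefixed field is what catches a key that was cut at a line wrap: the first half of a wrapped entry can still be valid base64 with a correct `ssh-rsa` prefix.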

Usage

To make use of your newly generated RSA key pair, you will need to tell PuTTY to use it when connecting to your Cloud Server. Do this by opening PuTTY and going to the "SSH" -> "Auth" section. Browse to where you saved the keys and load the private key as seen below:

puttykey.jpg

Make PuTTY use the key every time you connect to your Cloud Server by saving this configuration. After loading your key as shown above, go back to "Session" and save your session:

puttysession.jpg

Once you have saved your session, your key will be loaded automatically upon connecting to your Cloud Server.

Summary

Opting for key-based authentication to your SSH server is beneficial in many ways. By eliminating the possibility of SSH brute-force attacks targeted towards your Cloud Server, the chances of it being compromised are decreased by an order of magnitude.



© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License



13 Comments

Comment - What about connecting with "plink" (command line)?
Can you please provide a few examples?

The best detail on using plink I can think of is in the PuTTY documentation:

[http://the.earth.li/~sgtatham/putty/0.61/htmldoc/Chapter7.html#plink](http://the.earth.li/~sgtatham/putty/0.61/htmldoc/Chapter7.html#plink)

Basically you can use plink to make an ssh connection with a command like:

plink -ssh username@myserver.com

You can use a saved session name for the connection target, and that will use anything you've configured for that connection in PuTTY. That means you could make a session named "myserver" that has the protocol set to ssh and that sets the username for you. You can also add a key to that saved session so a script could use plink without needing to include a password. To use the session and then run the command "runscript.sh" on the server, you'd type:

plink mysession runscript.sh

I hope that helps. The documentation is definitely the best place to check for a more thorough explanation of what options you can use with plink.

This doesn't seem to work with Lucid Lynx and there seems to be no ~/.ssh folder for new users - is there a different process for that version (the 10.04 docs link to this KB article)?

My mistake. I was saving the public key and then opening/copying/pasting the contents instead of using the public key directly from the puttygen app. Works great now!

How do I, while using putty, see where a file folder is? I was told something to the effect of apachectl -S. Is that the correct syntax to put in, and if so, where do I put that?

Well, "apachectl -S" will tell you where apache config files are. If you're looking to determine the directory you're currently in, you can run "pwd". The "ls" command shows what files are in the current directory.

You might search for a good Linux command-line primer to get you started. Putty acts as a terminal program, connecting you to a Linux server, and you use typed commands to navigate from there.

I've strictly followed the instructions here, but my Linux Cloud server is still responding: "Server refused our key". I can login via password, but not the key pair.

Here is exactly what I did:

- Generated the public/private key pair with PuTTYgen
- Saved the private key on my local machine
- Copy/pasted the public key into /home/username/.ssh/authorized_keys on my Cloud Server
- Configured my PuTTY session to use my local private key file when connecting to my server
- Attempted to connect via PuTTY with user "username" (as defined above)
- Received a message saying "Server refused our key"

What am I doing wrong?

The first thing I'd check would be to make sure the key you saved to authorized_keys is all on one line. If it got broken up into two lines (which word processors sometimes do), ssh won't like it. Also make sure there isn't a character missing from the beginning or end, and if there are any trailing spaces at the end of the line, remove them.

Basically, ssh is really sensitive about the key file so everything has to be just so. Most of the time I run into that error it's because of one of the issues I mentioned.

Ok, I generated a new public/private key - the private key in my authorized_keys file is now on one, single line. I attached the new private key to my PuTTY session, but I'm still getting "Server refused our key".

Is there anything I need to change in the SSH config or something like that?

Another possibility is the permissions on the authorized_keys file. Try running this to restrict permissions on the file:

chmod 600 ~/.ssh/authorized_keys

That's an instruction that should be in this article, I'll make sure to edit that in.

But of course, if that doesn't fix it, let me know and we'll see what else we can do.
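The chmod above covers the key file itself; with StrictModes enabled (the sshd default), sshd applies the same ownership and write-permission test to the home directory and ~/.ssh as well. The following is an added example, not part of the original thread: it reports every path that would fail that test. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(home, uid=None):
    """List ownership/mode findings on home, ~/.ssh and authorized_keys.

    Mirrors what sshd checks with StrictModes enabled: each path must belong to
    the user (or root) and must not be writable by group or others.
    """
    uid = os.getuid() if uid is None else uid
    problems = []
    for rel in ("", ".ssh", os.path.join(".ssh", "authorized_keys")):
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{rel or '~'}: missing")
            continue
        if st.st_uid not in (uid, 0):
            problems.append(f"{rel or '~'}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{rel or '~'}: mode {mode:o} is group/world-writable")
    return problems

def demo():
    """Build a constructed home directory with a group-writable ~/.ssh, then fix it."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o755)
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o775)            # the misconfiguration under test
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o600)               # the chmod 600 from the reply above
        before = strictmodes_problems(home)
        os.chmod(ssh_dir, 0o700)            # tighten the directory as well
        return before, strictmodes_problems(home)

if __name__ == "__main__":
    print(demo())
```

Run `strictmodes_problems(os.path.expanduser("~"))` on the server as the login user to audit the real paths.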

I did the:

chmod 600 ~/.ssh/authorized_keys

And I'm still getting the "Server refused our key" message... Must be some small stupid thing I'm doing wrong...

I'd suggest calling support, then, to have them walk you through the key creation and setup. Them taking you through it step-by-step might turn something up. If you don't have any luck with them, let me know and we'll see if we can come up with something else.

If you are having trouble getting Putty to work with private/public keys, I have found that another application (Bitwise SSH Client) creates keys that work with OpenSSH on LINUX (I'm using Fedora). In addition, you can export the private key that Bitwise SSH creates and import it into Putty using PuttyGEN and then use Putty as the client if you like that better than Bitwise.
