This article will take you through generating RSA keys using PuTTYgen on Windows for secure SSH authentication with OpenSSH.
One effective way of securing SSH access to your Cloud Server is to use a public/private key pair. The 'public' key is placed on the server and the 'private' key stays on your local workstation. This makes it impossible for someone to log in using just a password, provided you have set up SSH to deny password-based authentication (which you can learn how to do in this article about SSH).
In Windows we will use PuTTYgen to generate our public and private keys. You can download PuTTYgen from its official website (it might also have been installed with PuTTY or WinSCP). Launch the program, then click the Generate button, as seen below. PuTTYgen generates the key pair for you. All you need to do now is save the public and private keys by clicking the corresponding save buttons.
In the field labeled "Public key for pasting into OpenSSH authorized_keys file", copy the text (it should start with "ssh-rsa") to your clipboard with Ctrl+C. Edit the ~/.ssh/authorized_keys file on your Cloud Server and paste the text onto its own line in the file. To edit the file (and if necessary, create it), run:
The key and its associated text (the "ssh-rsa" identifier at the start and the comment at the end) should all be on one line in the file. If the entry is word-wrapped onto multiple lines, it may cause an error when connecting.
If you created the authorized_keys file you'll also need to change its permissions once you're done editing it by running:
chmod 600 ~/.ssh/authorized_keys
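The following check is an added example, not part of the original article: a Python script, run on the Cloud Server, that confirms each authorized_keys entry sits on a single line with intact key data and that the file is not accessible to group or others. It assumes entries without an options prefix, as PuTTYgen produces them; `sample_line`, `check_line` and `audit` are names chosen here, and the sample key is constructed filler, not a usable key.

```python
import base64
import os
import stat
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def sample_line():
    """Constructed entry: correct wire layout, but the modulus is filler."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-key@example"

def check_line(line):
    """Return None for a well-formed entry, otherwise a short reason."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return "does not start with a key type (wrapped or partial line?)"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return "key data is not valid base64"
    # The key data is a run of length-prefixed fields; the first names the type.
    off, values = 0, []
    while off + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[off:off + 4])
        values.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if off != len(blob) or len(values) < 2:
        return "key data is truncated (line wrapped?)"
    if values[0] != fields[0].encode():
        return "key type inside the data does not match the prefix"
    return None

def audit(path):
    """Return a list of problems found in an authorized_keys file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:o}: group/other access, expected 600")
    with open(path) as f:
        for number, line in enumerate(f, 1):
            line = line.strip()
            if line and not line.startswith("#"):
                reason = check_line(line)
                if reason:
                    problems.append(f"line {number}: {reason}")
    return problems
```

Calling `audit(os.path.expanduser("~/.ssh/authorized_keys"))` returns an empty list when every entry and the file mode pass these checks.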
To make use of your newly generated RSA key pair, you will need to tell PuTTY to use it when connecting to your Cloud Server. Do this by opening PuTTY and going to the "SSH" -> "Auth" section. Browse to where you saved the keys and load the private key as seen below:
Make PuTTY use the key every time you connect to your Cloud Server by saving this configuration. After loading your key as shown above, go back to "Session" and save your session:
Once you have saved your session, your key will be loaded automatically upon connecting to your Cloud Server.
Opting for key-based authentication to your SSH server is beneficial in many ways. By eliminating the possibility of SSH brute-force attacks targeted towards your Cloud Server, the chances of it being compromised are decreased by an order of magnitude.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License