Create passwordless login with SSH keys and PUTTY

Benefits of passwordless login with SSH keys

If VPS/Dedicated server is visible over the Internet, you should use public key authentication instead of passwords, if at all possible. This is because SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone. With public key authentication, every computer has (i) a public and (ii) a private "key" (two mathematically-linked algorithms that are effectively impossible to crack).

Setup SSH Keys on your Windows computer/laptop using PuttyGEN


Step 1

Download PuttyGEN from the maintainer's website.
Scroll down until you find puttygen.exe and download either 32 or 64bit version.

Step 2

Start PuttyGEN by double clicking on its icon

Step 3

From top menu, click on "Key" and select "SSH-2 RSA" and in the bottom right box change the number 2048 to 4096

Step 4

Click "Generate" button

Step 5

Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full

Step 6

Click the "Save public key" button & choose whatever filename you'd like (some users create a folder in their computer named my_keys)

Step 7

Click the "Save private key" button & choose whatever filename you'd like

NOTE! Both public and private files will have to stay on your computer, do not delete them.


Step 8

Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy

Step 9

Login to your VPS or Dedicated server

Step 10

Run the following commands:
mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Step 11

Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file

Lets setup Putty on your windows computer/laptop


Step 1

Start PuTTY by double-clicking its executable file

Step 2

PuTTY's initial window is the Session Category (navigate PuTTY's various categories, along the left-hand side of the window)

Step 3

In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN)

Step 4

Enter the port number in the Port field (for added security, consider changing your server's SSH port to a non-standard port.

Step 5

Along the left-hand side of the window, select the Data sub-category, under Connection

Step 6

Specify the username that you plan on using, when logging in to the SSH server, and whose profile you're saving, in the Auto-login username field

Step 7

Expand the SSH sub-category, under Connection

Step 8

Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window

Step 9

Browse your file system and select your previously-created private key

Step 10

Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. [email protected] or [email protected]

Step 11

Click the Save button

Now you can go ahead and log in to your server and you will not be prompted for a password.

Finally let's disable username/password login on your vps/dedicated server


Step 1

Open /etc/ssh/sshd_config

Step 1

Lets change both "PasswordAuthentication" and "UsePAM" options to "no"
[...]
PasswordAuthentication no
[...]
UsePAM no
[...]

Step 2

Restart your SSH server
service sshd restart
or
sudo reload ssh
Was this answer helpful? 247 Users Found This Useful (486 Votes)