Published October 23rd, 2014
One of the best ways to help secure SSH access to a remote computer is to utilize public/private keys by placing a copy of a public key on the remote server while retaining the private portion on the computer you will be accessing the remote computer from. Using public/private keys protects your remote system from password guessing due to the fact a copy of the private key will be needed as well as a password if the key is protected in that manor.
In this post I will cover how to generate your public and private keys using PuTTYgen on a Microsoft Windows device, how to copy the public key to your remote machine, and show the steps needed to secure it properly once on the remote machine.
In order to generate public and private keys using PuTTYgen you will need to download PuTTYgen from here. Once you have downloaded PuTTYgen launch the program. You should not have to change any settings simply click the "Generate" button and follow the instructions which consist of moving your mouse over a blank space to help with randomness.
Once the generation process has completed you will need to copy the contents of the text area labeled “Public key for pating into OpenSSH authorized_key file:”. This key will need to be placed on the machine you wish to connect to using the public /private key pair you generated.
On the machine you wish to log into create a directory named .ssh in the root of your home directory.
Next write a file named authorized_keys within the newly created .ssh directory.
Paste the contents you copied from the PuTTY Key Generator into this file and save it.
You will want to set permissions on the directory you created and the public key you uploaded. Make sure to change "user:user" to the correct <user>:<group> as well as specify the correct path the users home directory.
chown -R user:user /home/user/.ssh chmod 700 /home/user/.ssh chmod 600 /home/user/.ssh/authorized_keys
You will now want to save a copy of the generated public and private keys to your computer. To save the public key click on the button named "Save public key" and browse to a safe place to save it to. Enter a name for the public key file such as servername.pub and click "Save".
Next you will want to save the newly generated private key. It is recommended you add a "Key passphrase" which will be asked for each time the private key is used if you like for extra security however it is not required. Now click the button "Save private key". If you did not supply a passphrase you will see a warning saying so. Browse to a safe place to save the key to and save the private key file using a name such as servername.ppk.
You now will have successfully created both the public and private keys on your local computer as well as copied the public key to your server and secured the key by setting the proper permissions.