SSH key authentication with PuTTY and OpenSSH

Posted on 2006.10.19 @ 09:34

Key-based SSH authentication offers some advantages over the usual password-based authentication, especially for administrators using SSH for scripted activities. Storing passwords in a script file is less secure (although anyone who has access to the script likely also has access to the key), and entering the password in scripts can be a complicated process. Using keys allows the server to authenticate the client without the need for a password.

If you haven’t done so already, you’ll need to install a copy of PuTTY on your Windows machine (at a minimum, install putty.exe and puttygen.exe).

Key generation

The first step is to generate the public/private key pair. This can be done on the host running OpenSSH, or on the Windows machine using PuTTYgen. We’ll show the PuTTYgen tool here.

Run PuTTYgen and click on the Generate button. You’ll be prompted to move the mouse around on the screen to generate some random data, and then the key pair will be created. When done, you should see the public key displayed in the window.

Save your private key to someplace secure on your Windows computer (perhaps a subfolder in your Documents folder, or for scripts in a location that only the script user can access). If you haven’t set a passphrase, you’ll be prompted with “Are you sure you want to save this key without a passphrase to protect it?”, to which you can respond yes. If you’re using this key for logging in as a privileged user on the target host, a passphrase is a good idea. For our purposes we are using keys specifically to get around the need for a passphrase.

Once the key is saved, select and copy the key string displayed in the window and paste it into a text document temporarily.

OpenSSH configuration

At this point we switch to working on the target host to configure the SSH daemon to validate you using the newly generated keys. Open a terminal session on the target host, and su to the user that will be using the key to log in. Change your current directory to the .ssh subdirectory in the user’s home directory.

cd ~/.ssh

Edit the authorized_keys file, and paste the contents you copied above into it. Save the file and exit your editor. Double check that the permissions are set properly on your authorized_keys:

chmod 600 authorized_keys

Failure to set the permissions properly will result in SSH giving a “Server refused our key” error when you attempt to connect.
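
The configuration steps above, written as a script to run on the target host as the user who will log in. This is an added example, not code from the original post; the function names and pasted_key.txt are hypothetical. It goes slightly beyond the post by also setting the .ssh directory to mode 700 and by rejecting a key that is not a single OpenSSH-format line.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# valid_pubkey LINE: succeed only for a single-line OpenSSH public key.
valid_pubkey() {
    # A newline means a wrapped paste or PuTTYgen's multi-line
    # "---- BEGIN SSH2 PUBLIC KEY ----" save format; neither is accepted
    # in authorized_keys.
    case $1 in *'
'*) return 1 ;; esac
    # Key type, then a base64 blob (always starts with AAAA), optional comment.
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/]+=*( .*)?$'
}

# install_key HOME_DIR LINE: add LINE to HOME_DIR/.ssh/authorized_keys once.
install_key() {
    home=$1 key=$2
    valid_pubkey "$key" || { echo "not a one-line OpenSSH public key" >&2; return 1; }
    (
        umask 077                                  # anything created is owner-only
        mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
        file=$home/.ssh/authorized_keys
        touch "$file" && chmod 600 "$file" || exit 1
        # Do not glue the new key onto an unterminated last line.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
        # Append only if this exact line is not already present.
        grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
    )
}

# perms_ok HOME_DIR: succeed if .ssh is drwx------ and authorized_keys is -rw-------.
perms_ok() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -ld "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# Demo in a scratch directory with a constructed, non-functional key line.
# Real use, as the target user: install_key "$HOME" "$(cat pasted_key.txt)"
demo=$(mktemp -d)
install_key "$demo" "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructed rsa-key-20061019"
perms_ok "$demo" && echo "key installed, permissions OK"
rm -rf "$demo"
```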

Test the connection

Open PuTTY on the Windows machine. Key in the IP address of your target host as you usually would, and then select “Auth” on the left panel. Browse to the private key file you saved earlier and open it.

Click the Open button at the bottom of the window to open the SSH session. At the login as: prompt enter the username that you set the key up for. Your connection should open without a password prompt.

This work is licensed under a Creative Commons License.