Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'. You keep the private key a secret and store it on the computer you use to connect to the remote system. Conceivably, you can share the public key with anyone without compromising the private key; you store it on the remote system in a .ssh/authorized_keys
directory.
Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'. To create a new key pair, select the type of key to generate from the bottom of the screen (using SSH-2 RSA with 2048 bit key size is good for most people; another good well-known alternative is ECDSA). Then click Generate, and start moving the mouse within the Window. Putty uses mouse movements to. Sep 26, 2019 Generating an SSH key. To generate an SSH key with PuTTYgen, follow these steps: Open the PuTTYgen program. For Type of key to generate, select SSH-2 RSA. Click the Generate button. Move your mouse in the area below the progress bar. When the progress bar is full, PuTTYgen generates your key pair. Type a passphrase in the Key passphrase field. Ssh-keygen -f anything creates two files in the current directory. Anything.pub is the public key, which you could append to the user's /.ssh/authorizedkeys on any destination server. The other file, just called anything is the private key and therefore should be stored safely for the user. Jun 22, 2012 Generating a key pair provides you with two long string of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. Amazon EC2 Key Pairs. Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. Public–key cryptography uses a public key to encrypt a piece of data, and then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair. Where key is the name of the private key and key.pub is the name of the public key. Associate the public key with a user on the clustered system using the management GUI. Parent topic: Preparing the SSH client on an AIX or Linux host.
To use SSH public-key authentication:
~/.ssh/authorized_keys
file in your account.To set up public-key authentication using SSH on a Linux or macOS computer:
To generate RSA keys, on the command line, enter:
Enter
or Return
without entering a filename.Alternatively, you can enter a filename (for example, my_ssh_key
) at the prompt, and then press Enter
or Return
. However, many remote hosts are configured to accept private keys with the default filename and path (~/.ssh/id_rsa
for RSA keys) by default. Consequently, to authenticate with a private key that has a different filename, or one that is not stored in the default location, you must explicitly invoke it either on the SSH command line or in an SSH client configuration file (~/.ssh/config
); see below for instructions.
Enter
or Return
. If you press Enter
or Return
without entering a password, your private key will be generated without password-protection.Your private key will be generated using the default filename (for example, id_rsa
) or the filename you specified (for example, my_ssh_key
), and stored on your computer in a .ssh
directory off your home directory (for example, ~/.ssh/id_rsa
or ~/.ssh/my_ssh_key
).
The corresponding public key will be generated using the same filename (but with a .pub
extension added) and stored in the same location (for example, ~/.ssh/id_rsa.pub
or ~/.ssh/my_ssh_key.pub
).
~/.ssh/id_rsa.pub
) to your account on the remote system (for example, darvader@deathstar.empire.gov
); for example, using command-line SCP: You'll be prompted for your account password. Your public key will be copied to your home directory (and saved with the same filename) on the remote system.
~/.ssh/authorized_keys
file in your account (if your account doesn't have ~/.ssh/authorized_keys
file, system administrators can create one for you). Once your public key is added to your ~/.ssh/authorized_keys
file on the remote system, the setup process is complete, and you should now be able to SSH to your account from the computer that has your private key.~/.ssh/authorized_keys
file, create one; on the command line, enter the following commands: ~/.ssh/authorized_keys
file, executing these commands will not damage the existing directory or file.~/id_rsa.pub
) to a new line in your ~/.ssh/authorized_keys
file; on the command line, enter: You may want to check the contents of ~/.ssh/authorized_keys
to make sure your public key was added properly; on the command line, enter:
~/id_rsa.pub
) from your account on the remote system; on the command line, enter:Alternatively, if you prefer to keep a copy of your public key on the remote system, move it to your .ssh
directory; on the command line, enter:
username@host2.somewhere.edu
) from the computer (for example, host1
) that has your private key (for example, ~/.ssh/id_rsa
):If the private key you're using does not have the default name, or is not stored in the default path (not ~/.ssh/id_rsa
), you must explicitly invoke it in one of two ways:
-i
flag and the path to your private key.For example, to invoke the private key host2_key
, stored in the ~/.ssh/old_keys
directory, when connecting to your account on a remote host (for example, username@host2.somewhere.edu
), enter:
~/.ssh/config
), if it exists/etc/ssh/ssh_config
)The SSH client configuration file is a text file containing keywords and arguments. To specify which private key should be used for connections to a particular remote host, use a text editor to create a ~/.ssh/config
that includes the Host
and IdentityFile
keywords.
For example, for connections to host2.somewhere.edu
, to make SSH automatically invoke the private key host2_key
, stored in the ~/.ssh/old_keys
directory, create a ~/.ssh/config
file with these lines included:
Once you save the file, SSH will use the specified private key for future connections to that host.
You can add multiple Host
and IdentityFile
directives to specify a different private key for each host listed; for example:
Alternatively, you can use a single asterisk ( *
) to provide global defaults for all hosts (specify one private key for several hosts); for example:
For more about the SSH client configuration file, see the OpenSSH SSH client configuration file on the web or from the command line (man ssh_config
).
The PuTTY command-line SSH client, the PuTTYgen key generation utility, the Pageant SSH authentication agent, and the PuTTY SCP and SFTP utilities are packaged together in a Windows installer available under The MIT License for free download from the PuTTY development team.
After installing PuTTY:
2048
).putty_key
), select a location on your computer to store it, and then click Save.putty_private_key
), select a location on your computer to store it, and then click Save.putty_rsa
), select a location on your computer to store it, and then click Save.If the remote system does not support password-based authentication, you will need to ask system administrators to add your public key to the ~/.ssh/authorized_keys
file in your account (if your account doesn't have ~/.ssh/authorized_keys
file, system administrators can create one for you). Once your public key is added to your account's ~/.ssh/authorized_keys
file on the remote system...
~/.ssh/authorized_keys
file, create one; on the command line, enter the following commands:If your account on the remote system already has ~/.ssh/authorized_keys
, executing these commands will not damage the existing directory or file.
~/.ssh/authorized_keys
file, and then save and close the file.putty_private_key.ppk
), select the file, and then click Open.If your private key is not passphrase-protected, Pageant will add your private key without prompting you for a passphrase.
Either way, Pageant stores the unencrypted private key in memory for use by PuTTY when you initiate an SSH session to the remote system that has your public key.
Deathstar
), and then click Save.Startup
folder to launch Pageant and load your private key automatically whenever you log into your desktop. For instructions, finish the rest of the following steps.Startup
folder. Press Win-r
, and in the 'Open' field, type shell:startup
, and then press Enter
.Startup
folder, and then select New and Shortcut.pageant.exe
) followed by the path to your private key file (for example, putty_private_key.ppk
); enclose both paths in double quotes; for example: PAGEANT
).The next time you log into your Windows desktop, Pageant will start automatically, load your private key, and (if applicable) prompt you for the passphrase.