BLUF: SSH Keys Provide Superior Security Over Standard Passwords
For Australian IT administrators and developers, securing remote server access is a top priority. Moving from password-based authentication to SSH (Secure Shell) keys significantly reduces the risk of brute-force attacks and unauthorized access. By using PuTTY and PuTTYgen on Windows 10, you can generate a cryptographic key pair so that only a client holding your private key can authenticate to your server, providing a robust “digital handshake” for all remote management tasks.
Step 1: Generate Your SSH Key Pair with PuTTYgen
Before you can connect, you need a public and private key pair.
- Download and open PuTTYgen (part of the PuTTY suite).
- Ensure the “Type of key to generate” is set to RSA or Ed25519 for modern security.
- Click Generate and move your mouse randomly over the blank area to create “entropy.”
- Important: Add a “Key passphrase” for an extra layer of security. This protects your private key if your local machine is ever compromised.
- Save your Private Key (.ppk file) in a secure location and copy the Public Key string from the top window.
Step 2: Add Your Public Key to the Server
Your server needs to know your public key to recognize your connection.
- Log in to your server (one last time via password).
- Open your authorized keys file: nano ~/.ssh/authorized_keys
- Paste the public key string you copied from PuTTYgen onto a new line.
- Save and exit (Ctrl+O, Enter, Ctrl+X).
- Set the correct permissions: chmod 600 ~/.ssh/authorized_keys and chmod 700 ~/.ssh
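The server-side part of Step 2, as an added shell example that is not from the original article: it appends a public key line to ~/.ssh/authorized_keys only if it is not already there, applies the 700/600 permissions sshd expects, and includes a check function you can run afterwards. The key string and the helper function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): install a public key into
# ~/.ssh/authorized_keys as Step 2 describes, idempotently and with the
# directory/file permissions sshd requires when StrictModes is on.
# The key below is a constructed placeholder, not a real key.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAMPLEKEY admin@win10-workstation'

# install_authorized_key HOME_DIR PUBKEY_LINE
# Appends PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys unless an identical
# line is already present, then sets 700 on the directory and 600 on the file.
install_authorized_key() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    mkdir -p "$ssh_dir"
    touch "$auth_file"
    # -x: whole-line match, -F: literal match (key material contains '+' and '/')
    if ! grep -qxF "$pubkey" "$auth_file"; then
        printf '%s\n' "$pubkey" >> "$auth_file"
    fi
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"
}

# check_authorized_key_perms HOME_DIR
# Returns 0 when the directory is exactly 700 and the file exactly 600,
# 1 otherwise (sshd silently ignores the file when it is group/world writable).
check_authorized_key_perms() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    [ -d "$ssh_dir" ] && [ -f "$auth_file" ] || return 1
    # find -perm with a bare mode matches only that exact mode
    [ -n "$(find "$ssh_dir" -maxdepth 0 -perm 700)" ] || return 1
    [ -n "$(find "$auth_file" -maxdepth 0 -perm 600)" ] || return 1
}

# count_authorized_keys HOME_DIR
# Number of key lines (non-empty, non-comment) in authorized_keys.
count_authorized_keys() {
    grep -cv -e '^[[:space:]]*$' -e '^#' "$1/.ssh/authorized_keys"
}

# Demo run in a scratch directory, so the real ~/.ssh is never touched:
#   sh install_key.sh --demo
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d)
    install_authorized_key "$scratch" "$SAMPLE_PUBKEY"
    install_authorized_key "$scratch" "$SAMPLE_PUBKEY"   # second call is a no-op
    echo "keys installed: $(count_authorized_keys "$scratch")"
    check_authorized_key_perms "$scratch" && echo "permissions ok"
    rm -rf "$scratch"
fi
```

To use it on a real account, call install_authorized_key "$HOME" "ssh-ed25519 AAAA... comment" with the public key string copied from the PuTTYgen window; running it twice does not duplicate the key, which matters when several administrators share a provisioning script.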
Step 3: Configure PuTTY to Use Your Private Key
Now, tell PuTTY where to find your private key for authentication.
- Open PuTTY and enter your server’s IP address.
- In the left sidebar, navigate to Connection > SSH > Auth.
- Click Browse and select the .ppk private key file you saved in Step 1.
- Go back to the Session category, give your session a name, and click Save.
Step 4: Establish a Secure Connection
Click Open. You will be prompted for your SSH key passphrase (if you set one), but you will no longer need your server’s main user password. This “passwordless” entry is not only more secure but also significantly faster for daily administration.
Best Practices for SSH Management
- Keep Your Private Key Private: Never share your .ppk file.
- Disable Password Authentication: Once your keys are working, edit /etc/ssh/sshd_config and set PasswordAuthentication no to completely lock down your server. Keep your current session open and confirm that a fresh key-based login succeeds before you reload sshd, so a typo cannot lock you out.
- Use Pageant: PuTTY’s SSH authentication agent (Pageant) can store your decrypted keys in memory, so you only have to enter your passphrase once per session.
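A way to verify the “Disable Password Authentication” step before trusting it, as an added shell example that is not from the original article: sshd applies the first uncommented occurrence of each keyword, so a stray PasswordAuthentication yes earlier in the file wins over a no added at the bottom. The two config texts are constructed samples, and the function names are this example’s own; it assumes the whitespace-separated “Keyword value” form of sshd_config.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config for the
# effective PasswordAuthentication value. sshd honours the FIRST matching
# directive per keyword, so ordering matters. Both configs are constructed.

WEAK_CONFIG='# constructed sample: password login still enabled
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
#PasswordAuthentication no'

HARDENED_CONFIG='# constructed sample: keys only
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes'

# effective_setting KEYWORD < config_file
# Prints the value of the first uncommented KEYWORD line (keywords are
# case-insensitive in sshd_config), or "default" if none is present.
# Lines inside a Match block are skipped: they apply only conditionally,
# not to the global setting this check is about.
effective_setting() {
    kw_lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v kw="$kw_lower" '
        /^[[:space:]]*#/           { next }                  # comment line
        tolower($1) == "match"     { in_match = 1; next }    # Match block begins
        in_match                   { next }                  # skip scoped lines
        tolower($1) == kw          { print $2; found = 1; exit }
        END                        { if (!found) print "default" }
    '
}

# password_auth_disabled CONFIG_FILE
# Exit 0 only when the global PasswordAuthentication is "no".
# sshd defaults to "yes", so an absent directive counts as still enabled.
password_auth_disabled() {
    value=$(effective_setting PasswordAuthentication < "$1" | tr 'A-Z' 'a-z')
    [ "$value" = "no" ]
}

# Demo: write both samples to a scratch dir and report on each.
#   sh audit_sshd.sh --demo
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d)
    printf '%s\n' "$WEAK_CONFIG" > "$scratch/weak"
    printf '%s\n' "$HARDENED_CONFIG" > "$scratch/hardened"
    for f in weak hardened; do
        if password_auth_disabled "$scratch/$f"; then
            echo "$f: password authentication disabled"
        else
            echo "$f: password authentication STILL ENABLED (effective: $(effective_setting PasswordAuthentication < "$scratch/$f"))"
        fi
    done
    rm -rf "$scratch"
fi
```

Run password_auth_disabled /etc/ssh/sshd_config after editing and, before reloading, validate the syntax with sshd -t; the Match-block skip is deliberate, since a per-user exception such as the one in the hardened sample does not change the global lockdown the best-practice bullet describes.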