Enable public key authentication and login with SSH keys without Password with PUTTY-PuttyGEN

[Sandeep B.]

SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone. With public key authentication, every computer has (i) a public and (ii) a private “key” (two mathematically-linked algorithms that are effectively impossible to crack).

Setup SSH Keys on your Windows computer/laptop using PuttyGEN
Step 1
Download PuttyGEN from the Homepage website.
Scroll down until you find puttygen.exe and download either 32 or 64bit version.

Step 2
Start PuttyGEN by double clicking on its icon

Step 3
From top menu, click on “Key” and select “SSH-2 RSA” and in the bottom right box change the number 2048 to 4096

Step 4
Click “Generate” button

Step 5
Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full

Step 6
Click the “Save public key” button & choose whatever filename you’d like (some users create a folder in their computer named my_keys)

Step 7
Click the “Save private key” button & choose whatever filename you’d like

Quote

NOTE! Both public and private files will have to stay on your computer, do not delete them.

Step 8
Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy

Step 9
Login to your VPS or Dedicated server

Step 10
Run the following commands:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Step 11
Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file

Lets setup Putty on your Windows OS
Step 1
Start PuTTY by double-clicking its executable file

Step 2
PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window)

Step 3
In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN)

Step 4
Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port.

Step 5
Along the left-hand side of the window, select the Data sub-category, under Connection

Step 6
Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field

Step 7
Expand the SSH sub-category, under Connection

Step 8
Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window

Step 9
Browse your file system and select your previously-created private key

Step 10
Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld

Step 11
Click the Save button

Now you can go ahead and log in to your server and you will not be prompted for a password.

Finally let’s disable username/password login on your vps/dedicated server
Step 1
Open /etc/ssh/sshd_config

nano /etc/ssh/sshd_config

Step 1
Lets change both “PasswordAuthentication” and “UsePAM” options to “no”

[...]
PasswordAuthentication no
[...]
UsePAM no
[...]

Step 2
Restart your SSH server

service sshd restart

 

[torettos]

Hello Sandeep,

work fine for SSH connection via PuTTY but i have some problems with rsync connection from my Synology NAS device.

With SSH key generated with PuTTYgen (without passphrase) don't pass verifying, but with server default key (from "id_rsa") pass verifying process, but after that on rsync connection return me this error:

Quote

Authentication failed. Please make sure the username and SSH key are both correct and the corresponding file protocol has been enabled on the source server. (root@xxx.xxx.xxx.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).[rsync code 255])

Why happened this and how to fix it?

And why UsePAM must to be "no"? It's can to be from this?

 

Thank you in advance and i expect your reply!

[Sandeep B.]

did you tried with pam yes ?

you need to change the private key to pem format and try

[torettos]

Hello Sandeep,

after the changes from this link: https://phoenixnap.com/kb/ssh-permission-denied-publickey

the error message it's changed to:

 

Authentication failed. Please make sure the username and SSH key are both correct and the corresponding file protocol has been enabled on the source server. (root@xxx.xxx.xxx.xxx: Permission denied (publickey,password).
[rsync code 255])

 

I convert the "id_rsa" to *.pem but without results and still don't connected via SSH, any other idea?

Thank you in advance!

Edited October 16 by torettos

[Sandeep B.]

i've tested the upper steps and its still working fine for me. You can DM me with server details  for the checks