PuTTY is an open-source software that acts as a terminal for both Linux and Windows. Users can use it as a serial console and a network file transfer application. It also supports such protocols as SSH, Telnet, rlogin, and such, and you can use it to connect to your VPS hosting server from a remote computer. Although it is a client program for SSH, it’s not a port of OpenSSH and doesn’t natively support it’s SSH-2 private key files. As compensation, this software has an additional free utility called PuTTYgen that users can use to generate SSH keys for their PuTTY and then safely connect to their systems.
How to generate OpenSHH-compatible keys
First, you have to download PuTTYgen from the maintainer’s website. You don’t have to install it as it is standalone software. Start the application and follow these steps:
- There will be a field named “Type of key to generate”. Click on it and select “RSA”. This type of encryption creates a public key that can be shared with others, but it can only be decrypted with a private key.
- In the “Number of bits in a generated key” section, you can specify either 2048 or 4096. Generally, increasing the number makes it harder for third-parties to crack the encryption via brute-force attacks, ensuring that your connection to your VPS hosting server remains secure. Click “Generate”.
- Once the private/public key pair is generated, enter anything you want in the “Key comment” field to identify this specific pair. This may come in handy if you ever decide to create more keys.
- If you want, you can type a passphrase in the “Key passphrase” and “Confirm passphrase” fields to secure the key even more. However, if you’re planning on using these key pairs for automated processes, it’s advised not to as this will stop them from working properly.
- Next, click “Save public key” and choose whatever filename you want. Then, click “Save private key” and do the same. You can save it in the same location as the public key, but it still should only be stored in a place that you alone can access.
- Right-click the “Public key for pasting into OpenSSH authorized-keys file” field and choose “Select All”. Right-click it again and select “Copy”.
It should be noted that OpenSSH and PuTTY use different formats for the public SSH keys. If the key you copied begins with “—- BEGIN SSH2 PUBLIC KEY …“, the format is wrong, and you won’t be able to connect to your VPS hosting server. The SSH key should start with “ssh-rsa AAAA ….”.
How to save the public key on the server
The next step is to paste the copied public key on your server, specifically the “~/.ssh/authorized_keys” file. Just follow these steps:
- Log in to the destination server that you‘re going to use PuTTY to connect to it.
- You should have an SSH folder prepared. If not, simply create it manually:
chmod 0700 ~/.ssh
chmod 0644 ~/.ssh/authorized_keys
3.Paste the public into the file: sudo vim ~/.ssh/authorized_keys
4.Press the “I” key on your keyboard, right-click and paste.
5.To save the changes, press these keys in this specific order: “Esc”, “:”, “w”, “q”, “Enter”.
If everything saved right, you should be able to safely connect to your server.
Create a PuTTY profile to save the server’s settings
PuTTY has a very useful feature that you can use to create and save profiles for connections to various SSH servers. This way, you don’t have to constantly re-type information whenever you want to connect to another SSH server. Follow these steps to create your PuTTY profile:
- Start PuTTY. Navigate the initial window along the left-hand side until you find the “Session” node.
- There will be a “Host Name” field. Here, enter either the IP address of your VPS hosting or its fully qualified domain name.
- Enter your port number in the “Port” field and select “SSH” under “Protocol”.
- In the “Connection” category, select the “Data” sub-category. Then expand the “SSH” sub-category, highlight “Auth” and click the “Browse” button. Find your private key in the file system and select it.
- Specify your username in the “Auto-login username” field.
- Return to the “Session” category and enter a name for your profile in the “Saved Sessions” field.
- For the “Load, Save or Delete a stored session” field, click the “Save” button.
If you did everything correctly, you won’t have to type in a password whenever you log into your profile. But if you previously set a passphrase for the public key, you will have to type it every time you log in.
Disable username/password logins
Once you verify that the key-based logins are working on your VPS hosting server, you can disable username/password logins if you want. Doing so increases the security of the connection. To disable this setting, you have to edit your SSH server’s configuration file that is located at “/etc/ssh/sshd_config”.
Access it by typing “sudo vim /etc/ssh/sshd_config” in the command line. Then press the “I” key on your keyboard and edit these lines like so:
Save the changes by pressing these keys in this specific order: “Esc”, “:”, “w”, “q”, “Enter”. Then reload the configuration by typing the following in the command line:
sudo reload ssh
And you’re done. Now you should be able to safely connect to your VPS hosting server. Key-based authentication is probably on the most secure methods of protection and authentication, and more users should implement these additional security measures. Not only it encrypts all your inbound and outbound data, but it also protects your connection from any possible attacks by third-parties that want to steal your information and exploit it.