It is generally recommended to use SSH key authentication whenever possible, especially for servers or systems accessible over the internet. This is because SSH key authentication is based on asymmetric cryptography and is considered more secure than password authentication. It provides stronger protection against brute-force attacks, as the private key is typically much longer and harder to guess than a password. SSH key authentication can also be automated, allowing for passwordless logins and easier integration with scripts and automated processes. Additionally, The private key can be protected with a passphrase, adding an extra layer of security. In the tutorial, we will show you how to connect to Ubuntu Linux VPS with SSH keys using puTTy from Windows.
In PuTTy, You can create saved sessions or profiles for different remote server connections so you don't have to manually configure the connection setting every time.
Open PuTTy, and navigate to the Session Category. Configure the following:
1. Host Name: IP address of your VPS or its fully qualified domai name.
2. Port: The default port for SSH is 22. It's recommended to change your server's SSH port to reduce brute force attacks. In this example, we will use the default port 22.
Connection Category, Data Sub-Category
1. Auto-login username: Enter the usename you use to log in to the server. Here we use administrator.
Go back to the Session Category
1. Saved Sessions: Specify a name for this session and click Save. The next time you open PuTTY, simply double click the session name, you can start the session immediately without having to input the above information again.
Double-click the downloaded PuTTygen file - PuTTygen.exe. In the Parameters section, it's okay to keep the default settings for the type of key to generate as RSA. However, it is not recommended to use the SSH-1 (RSA) type as it is less secure. Then, specify the number of bits in a generated key as 2048 or 4096. Increasing the bits makes it harder to crack the key by brute-force methods. Finally, click the generate button.
Move the mouse cursor around below the progress bar until the progress bar is full.
Here you can see an SSH key pair has been generated.
Key comment: You can input any comment, such as an email address and a specific name, to help you identify this key pair later. The comment is particular useful when you have generated multiple key pairs.
Key passphrase and Confirm passphrase: If you want to add an additional layer of security on top of the SSH keys, you can enter a passphrase here. Otherwise, leave it blank. In this example, we use the SSH key without passphrase.
Save the private key to your computer by clicking Save private key and specify a file name. The file should be ending with .ppk. Please be sure to save it to a location that only you can access and that you will NOT lose! If you lose your keys and have disabled username/password logins, you will no longer be able log in!
Click Save public key and specify a file name that you can identify to save the public key to your computer.
open PuTTY, double-click the session name to start the saved session.
Then, input the password for the auto-login user as prompted.
Navigate to the ~/.ssh folder and use the nano command to paste the copied public key to the authorized_keys file
cd /home/administrator/.ssh/ nano authorized_keys
Then, Press the Ctrl + x on your keyboard, and input y, followed by hitting Enter to save the changes.
Note If the authorized_keys file doesn't exist, you can manually create it.
Disconnect to your current session, and open PuTTy again. Click the saved session name and hit the Load button.
Go to Connection - SSH - Auth. Click Brower. Then, find the private key file you previously saved on your computer and click Open.
Go back to the Session Category
At the Saved session, click Save. Now, you have attached your private key to your testserver saved session.
Open PuTTy, select the saved session and click open. You can see you've automatically logged in without being required a password.
Once you have verified that your SSH key logins are working, you may disable username/password logins to achieve better security. To do this, you need to edit your SSH server's configuration file. On Debian / Ubuntu systems, this file is located at /etc/ssh/sshd_config. In this example, we use the nano editor to make the changes by using the following command. Any other editor will work.
sudo nano /etc/ssh/sshd_config
In the file, change the value of PasswordAuthentication and UsePAM to no. Then save the changes by pressing ctrl + x, followed by hitting y and enter.
With this comprehensive guide, users can confidently connect to Ubuntu Linux systems with SSH keys using PuTTY from their Windows machines. This secure and efficient method of authentication ensures a seamless remote access experience while maintaining a high level of security for the user's sensitive information.