Configure SSH in PuTTY

Complete guide to setting up and configuring SSH connections

Introduction: Connecting via SSH in PuTTY

SSH (Secure Shell) is the standard protocol for secure remote server access. PuTTY makes it easy to establish SSH connections to Linux, Unix, and other SSH-enabled systems from Windows.

This guide covers everything from basic SSH configuration to advanced authentication methods and troubleshooting common connection issues.

Basic Configuration Steps

Step 1: Launch PuTTY

  • Double-click putty.exe to open the PuTTY Configuration window
  • You'll see the Session category selected by default
  • This is where you'll configure your basic connection settings

Step 2: Enter Hostname or IP Address

In the "Host Name (or IP address)" field, enter one of:

  • Domain name: example.com
  • Subdomain: server.example.com
  • IPv4 address: 192.168.1.100
  • IPv6 address: 2001:db8::1

Note: Don't include ssh:// or http://prefixes – just the hostname or IP address.

Step 3: Set Port and Connection Type

Port Configuration:

  • Default SSH port: 22
  • Custom port: If your server uses a non-standard port (e.g., 2222), enter it here
  • The port number is displayed to the right of the hostname field

Connection Type:

  • Select "SSH" from the connection type options
  • Other options: Raw, Telnet, Rlogin, Serial (not commonly used)
  • SSH is the most secure option and should be used for remote connections

Step 4: Configure Username (Optional but Recommended)

To avoid typing your username each time:

  1. In the left panel, navigate to Connection → Data
  2. Find the "Auto-login username" field
  3. Enter your SSH username (e.g., root, admin, ubuntu)
  4. PuTTY will automatically use this username when connecting

Step 5: Save Your Session

Save your configuration for easy access:

  1. Return to the Session category (top of left panel)
  2. In the "Saved Sessions" field, enter a descriptive name:
    • Production Web Server
    • Dev Database - MySQL
    • Client XYZ - Main
  3. Click the "Save" button
  4. Your session now appears in the list below

Pro Tip: Double-clicking a saved session will immediately connect using those settings!

Step 6: Open Connection

  1. Click the "Open" button at the bottom of the window
  2. If this is your first connection to this server, you'll see a security alert
  3. Click "Accept" to trust the server's host key
  4. A terminal window opens
  5. Enter your password when prompted (if using password authentication)

Key-Based Authentication

SSH keys provide stronger security and convenience compared to passwords.

Prerequisites

  • You've generated an SSH key pair using PuTTYgen
  • Your public key is installed on the remote server
  • You have the private key file (.ppk format)

Configuring Key Authentication

  1. Open your saved session or create a new one
  2. In the left panel, navigate to:
    Connection → SSH → Auth → Credentials
  3. Click "Browse" next to "Private key file for authentication"
  4. Select your .ppk private key file
  5. Return to Session and click "Save" to update
  6. Click "Open" to connect
  7. Enter your key passphrase if you set one

Tip: Use Pageant (PuTTY's SSH agent) to load your key once per session, avoiding repeated passphrase prompts.

Advanced SSH Configuration

Keepalive Settings

Prevent disconnections due to inactivity:

  1. Navigate to Connection
  2. Set "Seconds between keepalives" to 60
  3. Enable "Enable TCP keepalives (SO_KEEPALIVE option)"
  4. This sends periodic packets to keep the connection alive

SSH Protocol Version

  1. Navigate to Connection → SSH
  2. Under "Protocol options", select SSH protocol version 2 only
  3. SSH-2 is more secure and should always be used
  4. SSH-1 is obsolete and vulnerable

Compression

For slow connections, enable compression:

  1. Navigate to Connection → SSH
  2. Enable "Enable compression"
  3. Useful for high-latency or low-bandwidth connections
  4. May slightly increase CPU usage

Port Forwarding (SSH Tunneling)

Create secure tunnels to access services through SSH:

Local Port Forwarding Example:

  1. Navigate to Connection → SSH → Tunnels
  2. Source port: 3307 (local port on your machine)
  3. Destination: localhost:3306 (MySQL on remote server)
  4. Click "Add"
  5. When connected, localhost:3307 on your machine forwards to MySQL on the server

X11 Forwarding (GUI Applications)

Run graphical applications remotely:

  1. Navigate to Connection → SSH → X11
  2. Enable "Enable X11 forwarding"
  3. Requires an X server on Windows (e.g., Xming, VcXsrv)
  4. GUI apps will display on your Windows desktop

Troubleshooting Connection Failures

Error: "Network error: Connection refused"

Possible causes:

  • SSH service not running on the server
  • Firewall blocking port 22
  • Wrong port number
  • Server is down

Solutions:

  1. Verify the server is online: ping hostname
  2. Check if SSH service is running on the server
  3. Verify the correct port number
  4. Check firewall rules (both client and server)

Error: "Network error: Connection timed out"

Possible causes:

  • Network connectivity issues
  • Firewall blocking connection
  • Incorrect hostname/IP
  • Server not responding

Solutions:

  1. Verify internet connection
  2. Check if hostname resolves: nslookup hostname
  3. Try alternative network (mobile hotspot, VPN)
  4. Contact server administrator

Error: "Server refused our key"

Possible causes:

  • Public key not added to server's authorized_keys
  • Wrong private key selected
  • File permissions incorrect on server
  • Server doesn't allow public key authentication

Solutions:

  1. Verify public key is in ~/.ssh/authorized_keys on server
  2. Check file permissions: ~/.ssh/ should be 700, authorized_keys should be 600
  3. Try password authentication to diagnose
  4. Check server's /etc/ssh/sshd_config for PubkeyAuthentication yes

Error: "Access denied"

Possible causes:

  • Wrong username
  • Wrong password
  • Account locked or disabled
  • IP address blocked by fail2ban or similar

Solutions:

  1. Double-check username and password
  2. Verify account is active on the server
  3. Contact server administrator to check for IP blocks
  4. Wait 10-15 minutes if locked by brute-force protection

Error: "Host key verification failed"

Possible causes:

  • Server's host key has changed (reinstalled OS, new server)
  • Man-in-the-middle attack (rare)
  • Cached old host key in PuTTY

Solutions:

  1. If you know the server was rebuilt, this is expected
  2. In PuTTY, click "Update" to accept the new key
  3. Or manually delete old key from Windows Registry:
    HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
  4. If unexpected, contact your server administrator before proceeding

Session Management Best Practices

Naming Conventions

  • Use descriptive, consistent names
  • Include environment: Prod-WebServer-01, Dev-Database
  • Include client/project: ClientA-Main
  • Use prefixes for grouping: AWS-, Azure-, Colo-

Session Backup

Export your PuTTY sessions for backup:

  1. Open Registry Editor (regedit)
  2. Navigate to: HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
  3. Right-click "Sessions" → Export
  4. Save as putty-sessions-backup.reg
  5. To restore: Double-click the .reg file

Security Recommendations

  • ✅ Always use SSH (never Telnet) for remote connections
  • ✅ Prefer key-based authentication over passwords
  • ✅ Use strong passphrases for private keys
  • ✅ Keep PuTTY updated to the latest version
  • ✅ Verify host keys on first connection
  • ✅ Use non-standard SSH ports when possible
  • ✅ Enable keepalives to maintain connections
  • ❌ Never share private keys
  • ❌ Don't ignore host key warnings

Quick Reference

SettingLocationCommon Value
HostnameSessionexample.com
PortSession22
UsernameConnection → Dataroot, ubuntu, admin
Private KeyConnection → SSH → Auth → Credentials*.ppk file
KeepaliveConnection60 seconds
CompressionConnection → SSHEnabled for slow links

Related Resources

;