SSH Key Generation with PuTTYgen

Master SSH key generation with PuTTYgen to establish secure, password-free authentication for your remote server connections.

What Are SSH Keys and Why They Matter

SSH keys are a pair of cryptographic keys used for authenticating to SSH servers as an alternative to password-based authentication. They consist of:

  • Private Key: Kept secret on your local machine - never share this!
  • Public Key: Placed on remote servers you want to access

Benefits of SSH Keys

  • Enhanced Security: Much stronger than passwords, resistant to brute-force attacks
  • Convenience: No need to type passwords for each connection
  • Automation: Enable automated scripts and deployments
  • Auditing: Easy to track which keys have access to which servers
  • Revocable: Simply remove a public key to revoke access

PuTTYgen Basics

PuTTYgen is the key generation tool for PuTTY. It creates SSH key pairs and can convert between different key formats. The tool is included in the full PuTTY installation package.

Supported Key Types

  • RSA: Most widely supported, use 2048-bit minimum (4096-bit recommended)
  • ED25519: Modern, faster, and more secure - recommended for new keys
  • ECDSA: Elliptic curve algorithm, good balance of security and performance
  • DSA: Legacy format, not recommended (limited to 1024 bits)

Step-by-Step Key Generation Guide

Step 1: Open PuTTYgen

  1. Download PuTTYgen from the official PuTTY website if you haven't already
  2. Launch puttygen.exe
  3. The "PuTTY Key Generator" window will open

Step 2: Choose Key Type (RSA/ED25519)

For RSA Keys:

  1. Select "RSA" in the "Parameters" section
  2. Set "Number of bits in a generated key" to 4096 (or at least 2048)

For ED25519 Keys (Recommended):

  1. Select "EdDSA" in the "Parameters" section
  2. Choose "Ed25519" from the curve dropdown
  3. Note: Bit length is fixed at 256 bits for ED25519

Step 3: Generate the Key

  1. Click the "Generate" button
  2. Move your mouse randomly over the blank area in the window
  3. This creates entropy (randomness) for the key generation
  4. Wait for the progress bar to complete
  5. Your new key pair will be displayed

Step 4: Add a Key Passphrase (Highly Recommended)

Why use a passphrase?

A passphrase protects your private key. Even if someone steals your key file, they cannot use it without the passphrase.

  1. Enter a strong passphrase in the "Key passphrase" field
  2. Re-enter it in the "Confirm passphrase" field
  3. Use a passphrase with at least 12 characters, including mixed case, numbers, and symbols

Step 5: Add Key Comment (Optional but Recommended)

In the "Key comment" field, enter a description like:

  • myname@work-laptop-2025
  • john.doe@company.com-production

This helps you identify keys later when managing multiple keys.

Step 6: Save Your Keys

⚠️ Important:

Save your private key BEFORE closing PuTTYgen. Once you close the window without saving, the key is lost forever and you'll need to generate a new one.

Save Private Key:

  1. Click "Save private key"
  2. If you didn't add a passphrase, you'll get a warning - click "Yes" only if you understand the risk
  3. Choose a secure location (e.g., C:\Users\YourName\.ssh\)
  4. Name it descriptively: my-server-key.ppk
  5. The .ppk extension is PuTTY's private key format

Save Public Key:

  1. Click "Save public key"
  2. Save it in the same location as your private key
  3. Name it: my-server-key-public.txt

Step 7: Copy the Public Key

In the PuTTYgen window, you'll see a text box labeled "Public key for pasting into OpenSSH authorized_keys file":

  1. Select all the text in this box
  2. Copy it (Ctrl+C)
  3. This is the exact format needed for your server's authorized_keys file

Using SSH Keys with Servers

Adding Your Public Key to a Server

Method 1: Manual Installation

  1. Connect to your server using PuTTY with password authentication
  2. Create the SSH directory if it doesn't exist:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
  1. Edit the authorized_keys file:
nano ~/.ssh/authorized_keys
  1. Paste your public key (the text you copied from PuTTYgen)
  2. Save and exit (Ctrl+O, Enter, Ctrl+X in nano)
  3. Set correct permissions:
chmod 600 ~/.ssh/authorized_keys

Method 2: Using ssh-copy-id (if available)

If your system has ssh-copy-id, you can use it to automatically install your public key:

ssh-copy-id -i ~/.ssh/my-key.pub user@hostname

Configuring PuTTY to Use Your Private Key

  1. Open PuTTY
  2. Load your saved session or create a new one
  3. In the left panel, navigate to: Connection → SSH → Auth → Credentials
  4. Click "Browse" next to "Private key file for authentication"
  5. Select your .ppk private key file
  6. Go back to the Session category and click "Save"
  7. Click "Open" to connect

Troubleshooting Common Key Errors

Error: "Server refused our key"

Possible causes:

  • Public key not correctly added to server's authorized_keys file
  • Wrong file permissions on server
  • Wrong username

Solutions:

  1. Verify the public key is correctly pasted (entire key on one line)
  2. Check permissions: ~/.ssh should be 700, authorized_keys should be 600
  3. Check server logs: sudo tail -f /var/log/auth.log (Ubuntu/Debian)

Error: "Unable to use key file"

Causes:

  • File format is incorrect (not .ppk format)
  • File is corrupted

Solution:

Use PuTTYgen to convert other key formats to .ppk: Load the key via Conversions → Import key, then save it as .ppk format.

Error: "Disconnected: No supported authentication methods available"

Causes:

  • Server doesn't allow public key authentication
  • No valid authentication method configured in PuTTY

Solution:

  1. Check server's /etc/ssh/sshd_config file
  2. Ensure PubkeyAuthentication yes is set
  3. Restart SSH service: sudo systemctl restart sshd

Passphrase Issues

If you're repeatedly prompted for your passphrase:

  • Use Pageant (PuTTY's authentication agent) to load your key once per session
  • Pageant will cache your decrypted key in memory
  • You'll only need to enter the passphrase once when loading the key into Pageant

Converting Key Formats

PuTTYgen can convert between different key formats:

OpenSSH to PuTTY (.ppk)

  1. Open PuTTYgen
  2. Click Conversions → Import key
  3. Select your OpenSSH private key (usually id_rsa or id_ed25519)
  4. Enter passphrase if required
  5. Click "Save private key" to save as .ppk

PuTTY to OpenSSH

  1. Open PuTTYgen
  2. Click "Load" and select your .ppk file
  3. Click Conversions → Export OpenSSH key
  4. Save the file (remove the extension for standard format)

Security Best Practices

  • Always use passphrases: Protect your private keys with strong passphrases
  • Use strong key lengths: 4096-bit RSA or ED25519
  • Regular key rotation: Generate new keys periodically (annually recommended)
  • One key per device: Generate separate keys for each computer/device
  • Backup safely: Store backup copies of keys in encrypted storage
  • Revoke compromised keys: Immediately remove public keys from servers if private key is compromised
  • Use Pageant: Avoid storing unencrypted keys in memory
  • Limit key access: Only add keys to authorized_keys for users who need them

Related Resources

;