Generate SSH Keys: Windows & macOS/Unix (PowerShell, PuTTY)

SSH keys offer a more secure and convenient alternative to traditional password-based login for SSH (Secure Shell) connections. No username/password is required to connect to the server via SSH. Instead, the unique public and private keys provide secure authentication.

This article will walk you through how to generate and use SSH keys for secure server access.

• What are SSH Keys, and How Does It Work?
• Benefits of Using SSH Keys
• How to Generate SSH Keys
• How to Connect to Your Server Using SSH
• Summary

What are SSH Keys, and How Does It Work?

You generate SSH keys as a pair. They consist of a Public key and a Private key.

• Private key - This is the key that stays on your local machine. (Do not share this with anyone.)
• Public key - This is the key placed on the server you want to connect to so it can match your private key.

When you connect to a server, your SSH client uses a private key to verify your identity, and the server checks it with a public key. If the two match, you'll be granted remote access to the server. This eliminates passwords, making the process safer and easier.

Benefits of Using SSH Keys

• Secure Authentication: SSH keys are a secure way to verify users and systems on remote servers, replacing the less secure method of using passwords.
• Encrypted Communication: When using SSH keys, communication between devices is encrypted to ensure a secured exchange of sensitive and important data during remote access or file transfer.
• Automation of Secure Access: SSH keys allow automated scripts and processes to securely access servers or other remote devices without the need for you to enter your manual credentials each time.
• Remote Server Access: SSH keys are used to access servers remotely, allowing you to manage websites or databases securely without the risks of using passwords.
• Enhanced Security: SSH keys eliminate the risk of password breaches, as a private key is not transmitted over the network, thus reducing the risk of being intercepted.
• Convenience: With SSH keys, you don't need to remember complex passwords, as they allow password-less authentication, which makes remote server access faster and more convenient.
• Stronger Encryption: Unlike the traditional password authentication methods, SSH keys use asymmetric cryptography, which provides stronger encryption and ensures high-level data protection.

How to Generate SSH Keys

In this section, we will discuss how you can generate SSh keys on various platforms.

• Generate SSH Keys in Windows using PowerShell
• Generate SSH Keys in Unix or macOS Terminal
• Generate SSH Keys in Windows using PuTTY

Generate SSH Keys in Windows using PowerShell

1. Press Windows + X or open the Start menu, and launch the PowerShell application.
2. Type the following command in PowerShell to generate the SSH Key Pair.

   ssh-keygen

3. Press Enter when you see the following prompt.

   Enter a file in which to save the key (C:\Users\<username>\.ssh\id_rsa):

4. You will be prompted again to set a passphrase for added security.
   • If you want extra security, enter a passphrase, then press Enter.
   • If you prefer to skip this step, just press Enter twice.
5. Once done, you will see a prompt similar to the following:

   Your identification has been saved in C:\Users\<username>\.ssh\id_rsa. 
   Your public key has been saved in C:\Users\<username>\.ssh\id_rsa.pub.
   The key fingerprint is:
   SHA256: xxxxxxxxxxxxxxx...
   

6. To check whether the keys were created successfully, navigate to the .ssh folder by running the following command.

   cd ~\.ssh

   You should see these two files:

   • id_rsa (private key)
   • id_rsa.pub (public key)
7. To proceed to the next step, you will need your private key in .ppk format. To obtain this, download and open the PuTTYgen application. Please note that the steps provided are specific to using PuTTY.
8. Click the Load button and locate the private SSH key you downloaded.

   

9. Enter the passphrase for your SSH Key (if you previously opted for one).

   

10. Click the Save private key button to create the .ppk file.

    

11. Once the SSH Key pair is generated, add the public key to the server you're connecting to. This should allow the server to authenticate you using the public key.

Generate SSH Keys in Unix or macOS Terminal

This section applies to OpenSSH users on Unix-like operating systems, including Linux, macOS, and BSD.

1. Launch your terminal application.
2. Type the following command in your terminal.

   ssh-keygen -t rsa -b 4096

3. When you see the prompt "Enter file in which to save the key, " press Enter again.
4. Type a secure passphrase, then press Enter.
5. Type the secure passphrase again to confirm, and then press Enter.
6. You will receive a successful message with the details regarding the key you generated.

   username@localhost ~ $ ssh-keygen -t rsa -b 4096
   Generating public/private rsa key pair.
   Enter file in which to save the key (/home/<username>/.ssh/id_rsa):
   Enter passphrase (empty for no passphrase): 
   Enter same passphrase again: 
   Your identification has been saved in /home/<username>/.ssh/id_rsa. 
   Your public key has been saved in /home/<username>/.ssh/id_rsa.pub. 
   The key fingerprint is: SHA256:PRxLu/LU6ZfFDve1sTIR0nK86NJVYRxRONCz0N5oy7U username@localhost The key's randomart image is:
    +---[RSA 4096]----+ 
    | .+.+=| 
    | . *+ | 
    | o oo.*.| 
    | + * ==.o|
    | S * =o++.|
    | = =+E=|
    | . = + .**|
    | = + oooo|
    | o ..o |
    +----[SHA256]-----+

7. (Optional) Check to ensure your ~/.ssh folder has the correct permissions. Type the following command:

   chmod 0700 ~/.ssh

8. Correct the file permissions within the ~/.ssh folder.

   chmod 0600 ~/.ssh/*

You will receive a prompt: "Your public key has been saved in /home/userna5/.ssh/id_rsa.pub." The text in the id_rsa.pub file is your public key, which you need to add to your server.

Generate SSH Keys in Windows using PuTTY

PuTTY is a well-known third-party application used to configure SSH access. If you prefer using this tool instead of the terminal, follow these steps.

1. Launch the PuTTYgen application (PuTTY Key Generator).
2. Once launched, you can keep RSA selected from the Type of key to generate options. RSA is selected by default and is commonly used.
3. For the Number of bits in a generated key, use 4096. The 2048 bits is generally good for most cases, but 4096 bits is even more secure.
4. Click the Generate button to generate the key pair. Keep moving your mouse over the PuTTYgen window until the progress bar is full.
5. (Optional)You can type a comment in the Key comment field to help identify this SSH key pair.
   
   (Optional but recommended) You can also type a secure passphrase in the Key passphrase and Confirm passphrase fields.
6. Click on the Save private key button to save your private key to your computer.
7. Click on the Save public key button. You can also copy the public key from the text box or just click the button to save it in a separate file.
8. To check if you saved both keys, navigate to your .ssh directory.

   You should see these two files:

   • id_rsa.ppk (private key) Please note that the ".ppk" extension is PuTTY's private key format.
   • id_rsa.pub (public key)
9. To log into your remote server with an SSH key pair, you first need to upload your public key to the server.

How to Connect to Your Server Using SSH

Windows

To log in to your server with PuTTY and a public key, please see Using SSH on Windows (PuTTY) for step-by-step instructions.

Linux or macOS

To log in to your server with a password using Linux or macOS:

1. Open your Terminal.
2. Enter the following command. Replace port with the port number, ssh-key with the file path, and IP with your IP address.

   ssh -p port -i ssh-key user@IP

3. Enter the passphrase for the key.

   Using a passphrase with your SSH key is important because it prevents unauthorized access by individuals who don't have the passphrase. Without a passphrase, anyone accessing your computer could copy your private key.

   '~/.ssh/id_dsa':

After entering the passphrase, you'll be connected to the server.

Summary

SSH keys offers a more secure and convenient alternative to passwords for SSH connections. This article explains how SSH keys work, detailing the benefits of using SSH keys for secure authentication, encrypted communication, and automated access. Learn how to generate SSH keys on Windows (using PowerShell and PuTTY) and Unix/macOS (via Terminal). The guide covers generating SSH keys, adding your public SSH key to a server, and connecting to your server using SSH keys, ensuring secure and passwordless login.