SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone. With public key authentication, every computer has (i) a public and (ii) a private “key” (two mathematically-linked algorithms that are effectively impossible to crack).

Setup SSH Keys on your Windows computer/laptop using PuttyGEN
Step 1
Download PuttyGEN from the Homepage website.
Scroll down until you find puttygen.exe and download either 32 or 64bit version.

Step 2
Start PuttyGEN by double clicking on its icon

Step 3
From top menu, click on “Key” and select “SSH-2 RSA” and in the bottom right box change the number 2048 to 4096

Step 4
Click “Generate” button

Step 5
Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full

Step 6
Click the “Save public key” button & choose whatever filename you’d like (some users create a folder in their computer named my_keys)

Step 7
Click the “Save private key” button & choose whatever filename you’d like

Quote

NOTE! Both public and private files will have to stay on your computer, do not delete them.

Step 8
Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy

Step 9
Login to your VPS or Dedicated server

Step 10
Run the following commands:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Step 11
Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file

Lets setup Putty on your Windows OS
Step 1
Start PuTTY by double-clicking its executable file

Step 2
PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window)

Step 3
In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN)

Step 4
Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port.

Step 5
Along the left-hand side of the window, select the Data sub-category, under Connection

Step 6
Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field

Step 7
Expand the SSH sub-category, under Connection

Step 8
Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window

Step 9
Browse your file system and select your previously-created private key

Step 10
Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld

Step 11
Click the Save button

Now you can go ahead and log in to your server and you will not be prompted for a password.

Finally let’s disable username/password login on your vps/dedicated server
Step 1
Open /etc/ssh/sshd_config

nano /etc/ssh/sshd_config

Step 1
Lets change both “PasswordAuthentication” and “UsePAM” options to “no”

[...]
PasswordAuthentication no
[...]
UsePAM no
[...]

Step 2
Restart your SSH server

service sshd restart

 

Hello Sandeep,

work fine for SSH connection via PuTTY but i have some problems with rsync connection from my Synology NAS device.

With SSH key generated with PuTTYgen (without passphrase) don't pass verifying, but with server default key (from "id_rsa") pass verifying process, but after that on rsync connection return me this error:

Quote

Authentication failed. Please make sure the username and SSH key are both correct and the corresponding file protocol has been enabled on the source server. (root@xxx.xxx.xxx.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).[rsync code 255])

Why happened this and how to fix it?

And why UsePAM must to be "no"? It's can to be from this?

 

Thank you in advance and i expect your reply!

did you tried with pam yes ?

you need to change the private key to pem format and try

Hello Sandeep,

after the changes from this link: https://phoenixnap.com/kb/ssh-permission-denied-publickey

the error message it's changed to:

 

Authentication failed. Please make sure the username and SSH key are both correct and the corresponding file protocol has been enabled on the source server. (root@xxx.xxx.xxx.xxx: Permission denied (publickey,password).
[rsync code 255])

 

I convert the "id_rsa" to *.pem but without results and still don't connected via SSH, any other idea?

Thank you in advance!

Edited October 16, 20231 yr by torettos

i've tested the upper steps and its still working fine for me. You can DM me with server details  for the checks

Pleased to observe this! Great facts and the clarity of detail revealed is excellent!
Thanks and good day!