How to Generate SSH Keys on Windows Using Bitvise and PuTTYSecure Shell (SSH) keys are essential for ensuring secure communication between clients and servers. They offer a robust authentication method that is more secure than traditional passwords.

This article will guide you through generating SSH keys on Windows using Bitvise and PuTTY, two popular SSH client applications.

Generating SSH Keys with Bitvise

Bitvise is a powerful SSH client for Windows that provides a graphical interface for key generation and other functionalities. Follow these steps to generate SSH keys using Bitvise.

Download and Install Bitvise

Visit the Bitvise website and download the SSH client installer.

Run the installer and follow the prompts to install Bitvise.

Open Bitvise SSH Client

Launch the Bitvise SSH Client from the Start menu or desktop shortcut.

Bitvise Main Interface

Generate SSH Keys

In the Bitvise SSH Client window, click on the Client key manager button located on the main interface.

Bitvise client key manager

In the Client Key Manager window, click the Generate New button.

Bitvise Client key manager window

Choose the key type (RSA is commonly used) and the key size (2048-bit or 4096-bit for stronger security).


Optionally, you can provide a key comment for easier identification and a passphrase for additional security.

Bitvise Generate New Keys

Click Generate to create the key pair.

Export the public key because we will upload it on our server. Be sure to choose OpenSSH format. Also, export your private key and store both in a safe place.

Bitvise Export Public Key

We need to copy the public key for use on the SSH server.

To do that, login to your server using root.

Bitvise RackNerd

Bitvise New terminal console

Create ssh Directory and Authorized_keys File

Run the command to check the list under the ssh directory.

ls -l ~/.ssh

If the list returns 0, we need to create ssh directory.

ls -l ~/.sshTo create the .ssh directory and the authorized_keys file in order to copy your public SSH key, follow these steps:


Run the following command to create the .ssh directory in your home directory if it does not already exist.

mkdir -p ~/.ssh

It’s important to set the correct permissions for the .ssh directory to ensure security.

chmod 700 ~/.ssh

Create or update the authorized_keys file: You can now create or update the authorized_keys file by adding your public key.

nano ~/.ssh/authorized_keys

Authorized keys public key

After pasting your public key, save the file and exit the text editor.

Run the following command to set the correct permissions for the authorized_keys file.

chmod 600 ~/.ssh/authorized_keys

Here is a summary of the commands you would run on the remote server:

Creating ssh directory and authorized_keys file

Ensure the permissions are set correctly by listing the details of the .ssh directory.

ls -ld ~/.ssh
ls -l ~/.ssh/authorized_keys

You should be able to get drwx on ssh directory and rw on authorized_keys.

Permissions for ssh directory and authorized_keys file

Login to Your Server with SSH Keys

Now let’s try to login using our ssh keys.

First logout to your Bitvise connection.

Use the following authentication:

  • Username: root
  • Initial method: publickey
  • Client key: Profile name of your ssh keys
  • Passphrase: Enter your passphrase or set to empty if you did not have created one
  • Elevation: Default

Bitvise SSH Login

Disable Password Authentication

Finally, we will disable root/password login.

Disabling password authentication on your server ensures that only users with SSH keys can access it, significantly enhancing security.

Here are the steps to disable password authentication on your server:

Edit the SSH daemon configuration file (sshd_config). You can use a text editor like nano or vim.

nano /etc/ssh/sshd_config
  1. Look for the line that contains PasswordAuthentication.
  2. If it is commented out (preceded by a #), uncomment it by removing the #.
  3. Change the value to no to disable password authentication

Disable Password Authentication

In nano, press Ctrl+X, then Y, and then Enter to save and exit.

Apply the changes by restarting the SSH service.

systemctl restart ssh

It’s a good idea to open a new terminal session and try logging in with a password to ensure that password authentication is indeed disabled.

Cannot Login using Root-Password Authentication
Now I cannot login using root/password authentication.

Important Considerations

Ensure SSH Key Authentication Works: Before disabling password authentication, make sure you can log in using SSH keys. Otherwise, you might lock yourself out of the server.

Backup Configuration: Always back up the original sshd_config file before making any changes. You can copy it with:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Generating SSH Keys with PuTTY

PuTTY is another widely used SSH client for Windows that comes with a key generation tool called PuTTYgen.

Follow these steps to generate SSH keys using PuTTY:

Download and Install PuTTY

Visit the PuTTY website and download the installer package.

Run the installer and follow the prompts to install PuTTY and PuTTYgen.

Launch PuTTYgen from the Start menu or desktop shortcut.

Generate SSH Keys

In the PuTTYgen window, ensure the RSA option is selected (you can also choose other types like EdDSA or ECDSA).

Set the number of bits in the generated key (2048 or 4096 for stronger security).

Click Generate and move your mouse over the blank area to generate randomness.

PuTTY Generate SSH Keys

Once the key is generated, you can add a key comment and passphrase.

Click Save private key to store the private key securely on your computer.

Copy the public key displayed at the top of the PuTTYgen window for use on the SSH server.

nano ~/.ssh/authorized_keys
Add Public Key on Server Using PuTTY
Copy the public key to the remote server’s ~/.ssh/authorized_keys file.

Use the SSH Keys

Close your PuTTY session and login using the keys generated.

Use PuTTY to connect to the server.

PuTTY Login SSH

Configure the connection with the private key under Connection > SSH > Auth > Credentials.

Browse the location where you saved your private key and click Open.

Browse Private Key PuTTY

You will be asked for your username and passphrase if any.

PuTTY Logging in with SSH Key

You can now disable password authentication.

nano /etc/ssh/sshd_config

Find PasswordAuthentication and set it to no.

systemctl restart ssh

FAQs

What is an SSH key?

An SSH key is a pair of cryptographic keys used to authenticate and secure communication between a client and a server.

Why should I use SSH keys instead of passwords?

SSH keys are more secure than passwords as they are resistant to brute-force attacks and phishing. They provide a higher level of security through public-key cryptography.

If you are running email servers or hosting multiple websites, you need to use SSH key authentication.

What is the difference between Bitvise and PuTTY?

Both Bitvise and PuTTY are SSH clients for Windows, but Bitvise offers a more comprehensive graphical interface with additional features, whereas PuTTY is lightweight and comes with a dedicated key generation tool called PuTTYgen.

How do I secure my private key?

Store your private key in a secure location, use a strong passphrase, and set appropriate permissions to prevent unauthorized access.

Can I use the same SSH key for multiple servers?

Yes, you can use the same SSH key for multiple servers by copying the public key to each server’s ~/.ssh/authorized_keys file.

Conclusion

Generating SSH keys on Windows using Bitvise and PuTTY is a straightforward process that significantly enhances the security of your SSH connections.

Whether you choose Bitvise for its rich interface or PuTTY for its simplicity, both tools offer reliable methods for generating and managing SSH keys.

Leave a Reply

Your email address will not be published. Required fields are marked *