How to use public/private keys for SSH and SFTP
This article was posted in: Web Hosting
This article assumes you have already installed the PuTTY suite of applications.
Public/private key authentication, as the name suggests, uses two special cryptographic key files (called keys) to authenticate your login. The private key remains on your computer and should be kept safe from unauthorised access. The public key can be freely installed on remote systems. It doesn't matter if your public key gets stolen or lost. Because only you have the private key you can always regenerate the public key again from it. The key files are just plain text - nothing magical. You can open them in notepad if you are curious!
PuTTY allows you to do all this.
Step 1 - Generate your public/private key pair
Start PuTTYgen, and choose a type of key to generate and keysize. If you are unsure what to choose, just copy the settings shown below.
Click the Generate button.
PuTTYgen will then ask you to waggle your mouse around for a while to help it generate some randomness (apparently there are some things we can still do better than a computer!).
When you have wiggled and waggled enough, and the green bar reaches the right hand side, PuTTYgen will create your keypair and you will see something like this:
Just fill in the Key comment field (your name is a good idea), and enter a STRONG passphrase including upper and lowercase letters, numbers, and symbols. Keep this passphrase somewhere secure so you can get to it later (you'll need it anytime you want to use your private key from a new computer).
If your private key ever gets stolen, this password is your last line of defence. A private key with a weak or no passphrase is a gift to hackers! Generally speaking, a good 16 character passphrase will keep the world's most powerful computers at bay until the sun burns out!
Click the Save private key button and save your private key with the .ppk extension.
Your public key doesn't need saving because it can always be generated instantly from the private key - but don't close PuTTYgen yet because we're going to do some cPanel magic.
Step 2 - Setting up your cPanel account with your public key
Log into your cPanel account, and click on the SSH/Shell Access icon in the Security group of icons. Click the Manage SSH Keys button (shown below).
Click the Import Key icon to get the Import SSH Key screen.
Now, switch back to PuTTYgen, and select ALL of the text in the box at the top entitled Public key for pasting into OpenSSH authorized_keys file: and copy it into the clipboard as below.
Switch back to cPanel again, and paste in your public key into the Paste the Public Key in this box: text box. Give your public key a name, as shown (this becomes the filename your public key is saved as) and click the Import button. If you don't give your key a name, it will default to being called id_dsa.
The next step is to authorise your public key.
Back on the Manage SSH Keys cPanel screen, click Manage Authorization for your key (as shown)
Then, on the Manage Authorization screen just click the Authorize button and you should receive a confirmation that the key has been authorised. That's it, you're now ready to use your private key!
Step 3 - Configuring Pageant to decode your private key for PuTTY and Filezilla
OK, remember back in Step 1, we saved your private key with a .ppk extension?
Open the Pageant application (part of the PuTTY tools that you installed already).
Did nothing happen? That's OK - Pageant only runs as a small taskbar icon (It looks like a little PC with a hat on - see below).
Now, right click the little Pageant icon, and a context menu will pop up. Select Add Key from the popup menu.
This will open a file selection window. Simply browse to wherever you saved your .ppk (private key) file in Step 1 and click Open.
You did remember to store that strong passphrase from Step 1 somewhere, didn't you? Enter it in the text box and click OK.
That's it. Pageant now has your private key open and ready for use by other applications. You can check your keys by right clicking Pageant and selecting View Keys.
Or, and this is the neat part, you can right click Pageant, and hover your mouse over the Saved Sessions menu item to reveal any Saved Sessions from PuTTy. You only need to click on your saved session to connect automatically to your SSH session without having to start PuTTY yourself.
Step 4 - Enhancing SFTP Access using Filezilla with public/private keys
Assuming you have already Setup Filezilla to connect using SFTP with your account password, then there is very little to do!
Just open Filezilla's Site Manager from the File menu, locate your connection profile under My Sites, and remove the password.
As long as Pageant is doing it's thing in the taskbar, then Filezilla will automatically try to connect using your private key. Simple!