Generate SSH public-private key pair in Windows

We recently set-up a nice server environment for one of our newer clients. Like all our other servers, we made it accessible only via authorised key-pairs. Yes, there are no passwords to access that server. It can only be accessed by authorised keys. We had to explain our client why it is a more secure method and how it also makes it easy to control who accesses their server. During the process we realised that this method is still not widely used, so we thought we would write a quick post about it this week.

Our developers have to access files and database of live and under-development projects hosted on remote servers on daily basis while working on their projects. Many of our clients or client-side managers are tech-savvy and hence like to access the servers which host their websites and webshops. There are even occasions when you have to give server access to external parties like module-makers or third-party auditors. You cannot create a new server user everytime a new person needs to access a server. Not only is it alot of unnecessary work but it can get tricky if you create too many server users and they are all used to update, upload or delete files. That can create problems with permission and file ownership very quickly. And then there is the big issue of changing passwords regularly (for security reasons) and then keeping everyone informed about the latest one.

Our solution to this problem? All our servers have a key-based access! Each member of our team has their own private key and they are provided access to projects by adding their public key to respective server which hosts that particular project. Once their work is done, their public key is removed from the server and hence they cannot access it anymore. The same process is applied when we have to provide server access to external parties as well. We add their keys when needed and remove it as soon as their part is done. This way same server user can be provided to multiple people and still only authorised users can use it at any given time. This also means that every one who wants to access the server has to generate their public and private key pairs. Their public keys should also be added to the server by administrator and then they have to use their private key to login to the server.

Since Windows is most popularly used OS on official computers, we will explain how you can generate your public-private ssh key-pair on a Windows machine. Note that there is still no native application to support SSH in Windows, but they have been working on it for some years now. For now, you can easily download Putty and use it as a way to establish a Secure Shell (SSH) connection to your server.

GENERATE A PUBLIC-PRIVATE KEY PAIR

There are a few ways to create SSH keys in Windows but we will tell you the easiest and friendliest one in this post.

You will need puttygen.exe to generate a public-private key pair. If you do not have it already then you can download the latest version from here.
Open the PuTTYgen program by double-clicking on the Puttygen.exe you downloaded in step 1. This will open a small window which should look like the image shown below in step 3.
Select 'SSH-2 RSA' as 'Type of key to generate' and click on the 'Generate' button.
Move your mouse randomly in the blank area below the progress bar. You will need to keep moving your cursor in the blank area till the progress bar is fully green. Have some fun while at it!
Once the progress bar is full, PuTTYgen will generate your key pair automatically.
You can also add a comment to your key, something that can be used to recognise that it is your key, may be your name or email id.
Now we know we said there are no passwords in this setup. However, you can add additional security to your private key by adding a personal passphrase to it. This will make sure that only you (who knows the passphrase) will be able to use your private key. Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. Also make a note of it, you will need it to login to the server. You can create a key and use it without a passphrase too, but it is not recommended.
Click on the 'Save private key' button to save the automatically generated private key on your machine. It will generate a .ppk file. You must save this private key file at a secure location on your machine and also keep it handy. You will need it every-time you want to connect to the server.
Click on 'Save public key' button to save the automatically generated public key on your machine. You must save this public key file at a secure location on your machine and also keep it handy. Your server admin will need it every-time they have to give you access to a new server.
Alternatively, you can also copy-paste the content of 'Public key' text field to a notepad file or any other text editor file. You have to provide this to your server admin who will add it to the authorized_keys file of the user on your server. It should look something like this:

That is it. You now have a pair of public and private keys. Public key will be added to the server so that it can recognise you, and you should use the private key part so that you can tell the server that it is you.

USE YOUR PRIVATE KEY TO LOGIN TO THE SERVER

Once the server admin has added your public key to the server, you can login to the server using tools like Filezilla or Putty.

Steps to access server using Filezilla:

1. Enter the server IP in host field under 'General' tab.
2. Select 'Logon Type' as 'Key file'
3. Enter your server username in 'User' field
4. Click on browse button and navigate to the location where your private key file is saved at your local machine and select it.
5. Click on Connect.
6. It will ask you to enter Passphrase if you had added one while creating the private key.

To access the server using PuTTY, you should go through following steps:

Launch PuTTY
Enter the IP address of your server under 'Session'.
Navigate to Connection > Data  and then enter the server username in 'Auto-login username' field. You can also skip this field at this step if you want, but it will eventually ask you for the username when you connect to the server.
Navigate to Connection > SSH > Auth > Click on 'Browse...' button under 'Authentication parameters' - 'Private key file for authentication'. Locate your-private-key.ppk file on your local machine and select it.
Click on 'Open' button to log into the remote server with key pair authentication. This will connect you to the server. It wil also ask you for passphrase of your private key if you had added one while generating the privaye key.
If everything was done correctly and as explained above then you should be connected to your server by now. You can now navigate to the correct folders and continue with your usual work.

At Hungersoft, we not only do what is asked for, but also go beyond and help our customers do everything that is right and secure for their setup. Feel free to contact us for all your server setup, optimization, security and hosting needs.