Using PuTTYgen to generate keys for use with SSH/SFTP Clients
To generate a set of RSA keys with PuTTYgen:
- Start the PuTTYgen utility by double-clicking on its .exe file.
- For Type of key to generate, select RSA.
- In the Number of bits in a generated key field, specify either 2048 or 4096 (increasing the bits makes it harder to crack the key by brute-force methods).
- Click the Generate button.
- Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full.
- A private/public key pair has now been generated.
- In the Key comment field, enter any comment you'd like in order to help you identify this key pair later on (e.g. your e-mail address; home; office; etc.). The key comment is particularly useful in the event that you end up creating more than one key pair.
- Type a passphrase in the Key passphrase field and re-type the same passphrase in the Confirm passphrase field. Your PuTTYgen screen should look similar to the following:
- Click the Save public key button and choose whatever filename you'd like (some users create a folder in their computer named my_keys).
- Click the Save private key button and choose whatever filename you'd like (you can save it in the same location as the public key, but it should be a location that only you can access and that you will NOT lose!).
- Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All.
- Right-click again in the same text field and choose Copy.
- Send your public key (the one you just copied to the clipboard) to the systems administrator who requested it. Keep your private key secure. Do not share your private key with anyone, ever.
- After sending the public key, you will need to configure your FTP client software to use the private key you created. Links to instructions for some popular FTP clients are provided below (you may need to consult your software's documentation).
WinSCP - Authentication Page (Advanced Site Settings dialog), go to Private key file section.
Creating a profile and having it point to your private key (see image below) is recommended.
- Once your SFTP client has been configured, log into the SFTP server. When prompted to enter your passphrase (or password, etc.), enter the same passphrase you gave when you created your public/private key pair. If authentication was successful, you should see a panel similar to the one below (depending on your client). If you wish, you can right-click and create a file, upload a file, or download a file (if available) to test write/read access.
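For the systems administrator who receives the public key sent in the step above, here is an added example (not part of the original guide) that checks a submission is the one-line ssh-rsa text from the PuTTYgen box with a modulus of at least 2048 bits, and rejects a private key or the multi-line file written by Save public key. The function names are assumptions for illustration, and the sample line built by constructed_line is constructed for format testing only and is not a usable key.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # smaller of the two sizes the guide offers

def read_field(blob, pos):
    """Read one SSH wire field: 4-byte big-endian length, then the data."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def check_submitted_key(text):
    """Return (modulus_bits, comment) for a one-line ssh-rsa key, else raise ValueError."""
    text = text.strip()
    if text.startswith("PuTTY-User-Key-File-") or "PRIVATE KEY-----" in text:
        raise ValueError("private key submitted: reject it and have the pair regenerated")
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        raise ValueError("multi-line 'Save public key' file, not the one-line text")
    parts = text.split(None, 2)
    if len(text.splitlines()) != 1 or len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected one line starting with 'ssh-rsa'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    algo, pos = read_field(blob, 0)
    _exponent, pos = read_field(blob, pos)
    modulus, pos = read_field(blob, pos)
    if algo != b"ssh-rsa" or pos != len(blob):
        raise ValueError("malformed ssh-rsa blob")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        raise ValueError(f"RSA modulus is only {bits} bits")
    return bits, (parts[2] if len(parts) == 3 else "")

def constructed_line(bits, comment):
    """Build a format-only sample line; the modulus is constructed, not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):  # leading zero byte keeps the number positive
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(check_submitted_key(constructed_line(2048, "user@example.com")))
```

The returned comment is the Key comment entered in PuTTYgen, which helps match a submission to the person who sent it.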