Set up SSH public key authentication

Before starting you should:

• Have WinSCP installed;
• Know how to connect to the server without public key authentication.

-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn NhAAAAAwEAAQAAAYEAsTpvJn1Y9J9P9plxM4f46zjmsvcYbQW8Aq6NsSGOgrl5Xr1Onecv 0Ar5TbqZY0Izt3IaC31tnSwlMQDoa3rbuAun+eBwd8tPRpAS+xiK/k97ao18C6M5qHSpNm iU9DiaWN0YiGSwApfWhv6xKpI8JItA0jgaDbhuLWYmvhjYxZ+HCSGbB2/0m40zqWtkFPBh i/9clLISm5jQ9KtvXXcMehREZkFZkvHOC59cGtq/oez0kWzTIGOaLk54+d4iFNqjeEoOeL WXRaqDP8sq7AYsA/JUeOsQrkvvEKGpqvg/8PVYFt2kwqY3fQcCmqZw1OR0jyL4yGRhsSWi Fk4nvfoOfwR9YDwR8dEwSk6vj62Uwb8hdONbvTalbe/21GD22rx1tWnDRk9cuqMsJZ8RpR LRkg+DYoOF6uwiwxfZTY4xGFHaurOWQyAFFxgo1Y73JBkSj2E2kB0aHxFz4JDRHQ4teTIM hKtJKjHedkykkzw4ha0zaz8iSTuCQclF9jy5893DAAAFgAExd3sBMXd7AAAAB3NzaC1yc2 EAAAGBALE6byZ9WPSfT/aZcTOH+Os45rL3GG0FvAKujbEhjoK5eV69Tp3nL9AK+U26mWNC M7dyGgt9bZ0sJTEA6Gt627gLp/ngcHfLT0aQEvsYiv5Pe2qNfAujOah0qTZolPQ4mljdGI hksAKX1ob+sSqSPCSLQNI4Gg24bi1mJr4Y2MWfhwkhmwdv9JuNM6lrZBTwYYv/XJSyEpuY 0PSrb113DHoURGZBWZLxzgufXBrav6Hs9JFs0yBjmi5OePneIhTao3hKDni1l0Wqgz/LKu wGLAPyVHjrEK5L7xChqar4P/D1WBbdpMKmN30HApqmcNTkdI8i+MhkYbElohZOJ736Dn8E fWA8EfHRMEpOr4+tlMG/IXTjW702pW3v9tRg9tq8dbVpw0ZPXLqjLCWfEaUS0ZIPg2KDhe rsIsMX2U2OMRhR2rqzlkMgBRcYKNWO9yQZEo9hNpAdGh8Rc+CQ0R0OLXkyDISrSSox3nZM pJM8OIWtM2s/Ikk7gkHJRfY8ufPdwwAAAAMBAAEAAAGAE9oUyz3tMfGKdnf3mysW8do81T 0iakvjJHXC/11f5jq6YqdX4A4eZ/JivJczSVAIFPtd+X2CQsHIJLYSUr+/Tt1XYoEGeBS4 +5F13tR/9T6×93aDt5YABmOS9LpAPR7+Awg5EEYfBRtW92YeGEOrIvjKOQH5wSGwjbtMia yk03YsHRS7ldivkKD/cXHLEyFd+92N1EYiGXXDqjRt1A1aw23zv3SAgRo+10Rxf7yTDKNL PeLvv0gI5Dj8ChkcvjNDPmRovUA8Gq1haMzrPeOqi1sGAGIPnwdoVZhbuf8mbELY5/Xeyo odIqLgoB+rSnbALlfDFKyoWyzHb2s5xgfP35RQ0HJy6qGdSNwYWZ3n8d4hT6o+dfQyLfY6 j1fSXcrJBjADbqEE+ldI/NT2WNPnA+ROaXDQyRCl0eu+WT0Q7RcpKs/BGSdwxfPJo1ve2i NaOlj47wj8Vlz5QaCafyx4HxhEX1zeaDB0Zz0OU3eqOxlM27Q1y+HfPV/fGxo+yaGRAAAA wH87LhYlAbKYqdePGUBbcNSCmu5mpMGpdoJzMPvUau70cryDVK6MkcxdAP5RQFslx6rKT4 Q8mPGoIIZnaIFVFSswUH8K1cNxmFxp8799tEaFxQZL5bderaEStnTV/I1ApPJX7GGNR2/a FNQWLTxhl9ydqS4QIbHVPtvbVUwXeCy/HUMe8klKRIh5+Oi2e7xG7wk3ZdjJSGcZtTBn2m hOJ15xHkz1RBxPAZwMBt5QgFk1BsK59yBF3frvHHQTm/L5hwAAAMEA7BNRm9+D62FeEFkm KClCgvE3Cq6HZ7gdwU1VO7isJOSufrN/tHbjTox8ssepM/IflY0zUnSX4yQZekiWpoheUq pvl8Tebqm4OsOgqHtIDMz82Rm+e6JNpgHyzcL3er6WhQ40G4aTi33iVvOIaj+1/CmIATWB 0arSkceoYSlxxQdwh8DEt1cMj+bsR0rxg6QIOZ/mwxCOaFn2+3t51V293+suL8xAMnez0T wwQCM4aF5PIKUXhHSin/KufehiJDFJAAAAwQDAL6dthhC9hC59casdPqUeML0QN7lB3lzV zxrqzm+Vwkw/P0lGFsozAvh2WXttZ0WyjS2KT7jK7rdMCSblPfDHUbSfPKwZXfFmpEx2nm KdXo5Hntsl7/vIDhSSBk/OAnJRRq8NnXPxYIaEN/8tJVfIauflJnZqUaM9Si8Bi/kscIWK RbbEXVJPuawti9E/bzQxTmWGv6N8FcMJooBDXb4cu6zuDuxV0YK1eSg/x03sbt8YYfv6vI MbQsjircKhYqsAAAAHZnRwdXNlcgECAwQ= -----END OPENSSH PRIVATE KEY-----

Connect to your SSH server using WinSCP with the SSH protocol, using other means of authentication than public key, e.g. typically using password authentication.

Once logged in, configure your server to accept your public key. That varies with SSH server software being used. The most common SSH server is OpenSSH.

You can use Session > Install Public Key into Server command on the main window, or Tools > Install Public Key into Server command on SSH > Authentication page page on Advanced Site Settings dialog. The functionality of the command is similar to that of OpenSSH ssh-copy-id command.

Or you can configure the key manually:

• Navigate into a .ssh subdirectory of your account home directory. You may need to enable showing hidden files to see the directory. If the directory does not exists, you need to create it first.
• Once there, open a file authorized_keys for editing. Again you may have to create this file, if this is your first key.
• Switch to the PuTTYgen window, select all of the text in the Public key for pasting into OpenSSH authorized_keys file box, and copy it to the clipboard (Ctrl+C). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can show you the public key too.
• Ensure that your account home directory, your .ssh directory and file authorized_keys are not group-writable or world-writable. Recommended permissions for .ssh directory are 700. Recommended permissions for authorized_keys files are 600. Read more about changing permissions.

There are some specifics when setting up the public key authentication on OpenSSH server on Windows.

• Save a public key file from PuTTYgen, and copy that into the .ssh2 subdirectory of your account home directory.
• In the same subdirectory, edit (or create) a file called authorization. In this file you should put a line like Key mykey.pub, with mykey.pub replaced by the name of your key file.

For other SSH server software, you should refer to the manual for that server.

When configuring session, specify path to your private key on SSH > Authentication page of Advanced Site Settings dialog.

Alternatively, load the private key into Pageant.

Cloud providers have typically their own mechanism to setup a public key authentication to virtual servers running in the cloud.

For details see guides for connecting to:

• Amazon EC2;
• Google Compute Engine;
• Microsoft Azure.

• Using public keys for authentication;
• Using PuTTYgen;
• Understanding SSH key pairs.