Security Ssh Keys How To

1.  How to - Generating and using ssh keys

1.1  Windows

Making keys

1. Download puttygen from

2. In the "Parameters" section choose SSH2 DSA and length 4096 and press Generate.

3. Move your mouse randomly over the small blank area of the window to generate the key pair.

4. Enter a key comment, which will identify the key (useful when you use several SSH keys).

5. Type in the passphrase and confirm it. The passphrase is used to protect your key. You will be asked for it when you connect via SSH. Like passwords, passphrases need to be strong. Note: Some Windows apps still don't allow passphrases on keys. In that case, we have to do without, and you have to keep your private key even more than 100% secured. ;)

6. Click "Save private key" to save your private key.

7. Click "Save public key" to save your public key.

8. Copy the public key in OpenSSH format (!!! - available in puttygen's output window) and give that one to the server admin.

9. Keep private key safe - never mail it, never share it, not even with sysadmin.

Using public keys in Filezilla/Windows

1. Open FileZilla and go to

 Edit --> Settings --> SFTP

Add your private key there.

2. Go to the FileZilla Site Manager and add a new connection:

 sftp - ftp over ssh

 mode interactive

 type in username, but no password

Make sure server and port are correct!

That should be all!

1.2  Mac = Unix :)

Use ssh-keygen

Give the public (!) key to server admin - keep private key safe

FileZilla usage is the same as on Windows

1.3  Linux

Use ssh-keygen

Give the public (!) key to server admin - keep private key safe

1.4  Troubleshooting

Public keys generated on Linux/Unix typically work just fine on Linux/Unix (open)ssh servers.

When problems occur, a first thing to check is:

1. On the server, the permissions of the authorized_keys file may be wrong. The file must be owned by the user, and have 644 permissions set.

Keys exported from Windows or Mac might give a few surprises, depending on how they were created.

Here are the most likely things to go wrong:

2. The public key is broken into several lines, i.e. it has line breaks/returns in it. Public keys MUST be one line!

3. The public key is lacking the type announcement, e.g.




A valid pub key starts like this:

  ssh-dss AAAAB3NzaC1......
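A checker for troubleshooting points 2 and 3, as an added example that is not part of the original how-to. It assumes authorized_keys lines of the form "type key-data comment" with no leading options; the function names are hypothetical and the sample key data is constructed, not a usable key.

```python
import base64
import struct

def parse_blob(b64):
    """Decode key data, walk its length-prefixed fields, return the embedded key type.
    Raises ValueError or struct.error if the data is not base64 or is cut short."""
    raw = base64.b64decode(b64, validate=True)
    fields, pos = [], 0
    while pos < len(raw):
        (n,) = struct.unpack_from(">I", raw, pos)  # 4-byte big-endian field length
        pos += 4
        if pos + n > len(raw):
            raise ValueError("truncated field")
        fields.append(raw[pos:pos + n])
        pos += n
    if len(fields) < 2:
        raise ValueError("no key material")
    return fields[0].decode("ascii")

def check_authorized_keys(text):
    """Return [(line_number, problem)] for the contents of an authorized_keys file."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):
            continue  # blank line or comment
        if f[0].startswith("----"):
            problems.append((no, "multi-line export block, not the one-line OpenSSH format"))
        elif f[0].startswith("AAAA"):  # key data always begins with a small length: AAAA...
            problems.append((no, "type announcement missing before the key data"))
        elif len(f) < 2:
            problems.append((no, "no key data after first field: key split over lines?"))
        else:
            try:
                inner = parse_blob(f[1])
                if inner != f[0]:
                    problems.append((no, f"announced {f[0]} but key data says {inner}"))
            except (ValueError, struct.error):
                problems.append((no, "key data incomplete or invalid: key split over lines?"))
    return problems

def sample_blob(ktype, *parts):
    """Build constructed (non-functional) key data with the same framing as a real key."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *parts))
    return base64.b64encode(raw).decode()

if __name__ == "__main__":
    b = sample_blob("ssh-dss", bytes(range(1, 21)), bytes(range(1, 11)))
    text = f"ssh-dss {b} ok@example\n{b} notype@example\nssh-dss {b[:30]}\n{b[30:]} wrapped@example\n"
    print(check_authorized_keys(text))  # lines 2, 3 and 4 are reported, line 1 is clean
```

Run it against the text of the server's authorized_keys file; an empty result means every key line is a single line with a type announcement that matches its key data.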