Generate Public And Private Key Macos
PuTTYgen is a key generator tool for creating pairs of public and private SSH keys. It is one of the components of the open-source networking client PuTTY. Although originally written for the Microsoft Windows operating system, it is now officially available for multiple operating systems including macOS.
Sep 26, 2019 The other is the public key. The other file is a public key which allows you to log into the containers and VMs you provision. When you generate the keys, you will use ssh-keygen to store the keys in a safe location so you can bypass the login prompt when connecting to your instances. To generate SSH keys in macOS, follow these steps.
The -y option will read a private SSH key file and print an SSH public key to stdout. The public key part is redirected to the file with the same name as the private key but with the .pub file extension. If the key has a password set, the password will be required to generate the public key. To check the details of the generated public key.
Mar 22, 2019 Creating a new Key pair in Mac OS X or Linux. Wikipedia; Creating a Key pair. To generate a new Key pair, run the following commands on your home computer. Open your terminal and run the following command under your username. local$ ssh-keygen -t rsa. This creates a public/private keypair of the type (-t) rsa. Generating a public/private.
Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys.
Jul 09, 2019 Public Key Infrastructure (PKI) security is about using two unique keys: the Public Key is encrypted within your SSL Certificate, while the Private Key is generated on your server and kept secret. All the information sent from a browser to a website server is encrypted with the Public Key, and gets decrypted on the server side with the Private Key.
Real talk: passwords are bad. Passwords are notoriously hard to remember, yet easy for attackers to break. A secure password is a long, meaningless string containing a mix of letters, numbers, and symbols. Because they’re so hard to remember, it’s tempting to use the same password everywhere, which means you have to change all your passwords if just one login gets compromised.
Fortunately for us, SSH allows connections to be authenticated using keys. Key-based authentication is a huge improvement over a simple username and password combination.
Instead of a password, you have a pair of matched keys: one public, and one private. Anyone with access to the public key can use it to encrypt information, which can only be decrypted using the corresponding private key.
First, we need some keys to use.
- Did your server provide you with keys?
- Great! Let’s skip down a bit.
- Don’t have any keys?
- Not to worry, we can generate them.
Generate Your Keypair
If you’re using Transmit 5, Code Editor, Transmit for iOS, or Prompt, you can generate keypairs from inside the app.
If you’re on a Mac, we can generate your keypair from the command line. Open a Terminal window and enter the following command:
The $ symbol indicates a command prompt. Everything after the $ is a command to be entered.
Press Return, and you’ll see this:
The first decision to make is where to keep your key, and what to call it. For now we’ll just stick with the defaults.
Hit Return to create a keypair using the default name id_rsa and put it in the .ssh folder in your home folder.
Nerd Stuff! The Finder in macOS keeps that .ssh folder hidden. To see your .ssh folder in the Finder, press Command+Shift+G, then enter ~/.ssh. Also! The tilde (~) is filesystem shorthand for your user’s home folder. So when we say ~/.ssh, that means /Users/YOU/.ssh.
Next you can opt to encrypt your private key with a passphrase.
The passphrase is an extra layer of security on your private key. With a passphrase, not only does someone need to gain access to your private key, they also need your passphrase in order to make use of it.
To set a passphrase, enter it here.
To skip setting a passphrase, hit Return without typing anything.
Whether you set a passphrase or not, you’ll be asked to confirm it. Enter the passphrase again, or just press Return.
Your keypair has been generated.
Note that the private key is called “id_rsa” and the public key is “id_rsa.pub”, and they’re both in a folder called “.ssh” in your home folder.
The Public Key
The public key (the one ending in .pub) goes on the remote server. If your server administrator provided you with a key to use, they’ve likely already taken care of this for you. If not, you’ll need to find a way to put your public key on the server.
In most cases, this means connecting with a username and password. Once connected, navigate into ~/.ssh/ on the remote server and look for a file called authorized_keys or authorized_keys2. Open that file in a text editor, and append the entire contents of your public key onto the end of the file.
Your public key is a text file with a single long line. Enter this command to see it:
It should look like this:
Note: This is just an example. This is not a valid public key.
The Private Key
The private key stays private. The .ssh folder in your home folder is a good place to keep it. Enter this command to see it:
Your private key should look something like this:
Note: This is just an example. This is not a valid private key.
The ~/.ssh/config File
Along with your public and private keys, your .ssh folder can contain a file called config containing settings and preferences relating to your keys and servers. There are too many possible options to list here, and not every possibility is supported (or even practical) in every app.
You may need to create the config file if it doesn’t already exist.
As a basic example, here’s what you’d put in your config so that the key called exampleKey is used when connecting with the username user to the server example.com.
This is a great way to tell apps which key file goes with which server, especially if you use non-standard names for your keys, you keep your keys outside of ~/.ssh, or if you use passphrase-encrypted keys, which Coda and Transmit cannot validate.
You probably won’t ever need to touch your config file. There are a handful of special-snowflake situations where setting an option in the config file is the only way to make it work. Your server administrator can guide you if problems arise.
Though all of our apps offer some level of support for key-based authentication, there are some differences from app to app in how keys are handled.
Supported Formats
Generally, our apps support ECDSA, RSA and DSA keys in PEM format.
Transmit 5 and Prompt 2 have additional support for Ed25519, ECDSA, RSA and DSA keys in OpenSSH format.
OpenSSH has deprecated the DSA public key algorithm due to its inherent weakness. DSA keys are disabled by default in macOS Sierra. We strongly recommend against using DSA keys if possible.
PuTTY/PPK
Keys in the PuTTY format (PPK) are not supported. If you have a PuTTY key, you can convert it to OpenSSH/PEM by following these instructions under the Dealing with Private Keys in Other Formats section.
The Present
We’re using an SSH library based on libssh2 and OpenSSL. This library, used in Transmit 5, Coda 2, Prompt, Transmit iOS, and Code Editor, currently supports the following:
- KexAlgorithms
  - diffie-hellman-group-exchange-sha1
  - diffie-hellman-group14-sha1
  - diffie-hellman-group1-sha1
  - diffie-hellman-group-exchange-sha256
  - ecdh-sha2-nistp256
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp521
- Ciphers
  - aes128-ctr
  - aes192-ctr
  - aes256-ctr
  - aes128-cbc
  - aes192-cbc
  - aes256-cbc
  - blowfish-cbc
  - arcfour
  - arcfour128
  - cast128-cbc
  - 3des-cbc
- MACs
  - sha2-512-etm@openssh.com
  - sha2-512
  - sha2-256-etm@openssh.com
  - sha2-256
  - sha1
  - sha1 96
  - ripemd160
Beyond what libssh2 includes, we’ve added support for ECDSA and EtM. We’ll continue to refine and improve this library, and push our changes to the upstream libssh2 project.
Legacy releases
Transmit 4 and Coda 1 used the OpenSSH library built-in to Mac OS X. This means key support in Transmit 4 and Coda 1 is limited to what the OS-provided library supports.
Host Key Verification
The first time you connect to a server, we keep a local copy of the key the server uses to identify itself. On future connections, we can use this stored key to verify that the server we’re connecting to now is the same one we’ve connected to before. Without host key verification, we’d be vulnerable to man-in-the-middle attacks.
If an app warns that the host key has changed, it means this server’s key looks different from the key we stored the first time we connected to this server. If this is unexpected, you should reject the changed key, cease connecting to this server, and contact your server administrator.
In Transmit (version 5 and later), Code Editor and Prompt, the host key fingerprint is displayed the first time you connect to a new server.
In Coda, Transmit iOS, and older versions of Transmit, the host key is blindly accepted on first connection. This is generally fine, but it’s something to be aware of if you’re on an untrusted local network.
To view the host key fingerprint used in Coda or Transmit, open the file ~/.ssh/known_hosts and find the line that corresponds to your server. If you need to reset the host key for a server, just remove the entire line for that server from the known_hosts file.
In Code Editor and Prompt, you can view the fingerprint at any time from the server settings.
Advanced Features
Prompt and the terminal in Code Editor support agent forwarding. Coda, Transmit, and Transmit iOS do not.
Port forwarding, X11 forwarding, and ProxyCommand are not currently supported.
App-Specific Notes
Coda
In the Server pane of Coda’s Site configuration sheet, there is a button with a key icon to the right of the password field. This button opens a file picker that allows you to choose a private key to use when connecting to this server. Coda automatically attempts to use any keys it finds in your .ssh folder.
When choosing a key via this button, Coda will attempt to verify the format of the key to make sure that it’s valid and supported.
If your key is encrypted with a passphrase, Coda’s key-chooser will be unable to verify it. See the config file workaround above.
If you’ve specified an encrypted key for use with this server in your config file, you can leave the key button alone and put the passphrase in Coda’s password field.
The Terminal, Source Control, and MySQL functions in Coda also support keys, but you will need to add your key to the config file.
Transmit 5
In the latest version of Transmit we’ve added the ability to store keys right in Transmit itself. Additionally, Transmit 5 still supports keys defined in your config file.
For a more comprehensive overview of the many ways Transmit 5 can be configured to use key-based authentication please see Transmit 5 SFTP Authentication.
Transmit 4
When connecting to an SFTP server, there is a button with a key icon to the right of the password field. This button works in much the same way as the same button in Coda: it opens a file picker that allows you to choose a private key for use when connecting to this server. Transmit will automatically attempt to use any keys it finds in your .ssh folder.
When choosing a key via this button, Transmit will attempt to verify the format of the key to make sure that it’s valid and supported.
If your key is encrypted with a passphrase, Transmit’s key-chooser will be unable to verify it. See the config file workaround above.
If you’ve specified an encrypted key for use with this server in your config file, you can leave the key button alone and put the passphrase in Transmit’s password field.
Prompt
When creating a new server connection, tap the key icon next to the password field to choose a private key. If the key is encrypted with a passphrase, you can enter it when choosing the key. If you do not enter the passphrase, you will be prompted for it whenever you connect to this server.
Important! If you want to use a key with a passphrase for agent forwarding, you must enter the passphrase when adding the key to the server connection.
You can view, import, and create keys in the Keys pane of Prompt’s Settings.
To add a key for use in Prompt, open the Settings pane, tap Keys, then tap the + button at the top right of the Keys pane. You can choose to either Generate a new key, or Import an existing key.
Generate New Key
To generate a new key, tap the + button on the Keys pane of Prompt’s settings and choose Generate New Key. Choose a descriptive name for your key, and optionally set a passphrase. Choose your key type, and size. Then tap “Generate” to create your keypair. Once it’s finished generating, tap Copy Public Key to put the public key on your pasteboard. We’ll use it in the next step.
Now that you have your keypair, you’ll want to put the public key on the remote server. Usually this means connecting with a username and password one last time. Once connected, navigate into ~/.ssh/ on the remote server and look for a file called authorized_keys or authorized_keys2. Open that file in a text editor, and paste the public key onto the end of the file.
Copy from Clipboard
To import a key from the iOS Clipboard, first select and copy the entire contents of the private key to the pasteboard. After the private key is on the Clipboard, go to Prompt’s Settings, tap Keys, then tap the + button and choose Copy from Clipboard. If your key is in a valid and supported format – and if it’s the private key, not the public key – Prompt will import the key for you.
Import from iTunes
Use iTunes File Sharing to import your private key. Note that Prompt does not support importing arbitrary files via iTunes File Sharing; this only works for keys.
Agent Forwarding
To enable agent forwarding in Prompt, toggle the Agent Forwarding switch in the Server settings. If your key uses a passphrase, you’ll need to have entered it when you added the key to the server entry.
Code Editor
When creating a remote server connection in a new Site, tap the key icon next to the password field to choose a private key. If the key is encrypted with a passphrase, you can enter it when choosing the key. If you do not enter the passphrase, you will be prompted for it whenever you connect to this server.
Important! If you want to use a key with a passphrase for agent forwarding, you must enter the passphrase when adding the key to the server connection.
You can view, import, and create keys in the Keys pane of Coda’s Settings.
To add a key for use in Coda, open the Settings pane, tap Keys, then tap the + button at the top right of the Keys pane. You can choose to either Generate a new key, or Import an existing key.
Generate New Key
To generate a new key, tap the + button on the Keys pane of Coda’s settings and choose Generate New Key. Choose a descriptive name for your key, and optionally set a passphrase. Choose your key type, and size. Then tap “Generate” to create your keypair. Once it’s finished generating, tap Copy Public Key to put the public key on your pasteboard. We’ll use it in the next step.
Now that you have your keypair, you’ll want to put the public key on the remote server. Usually this means connecting with a username and password one last time. Once connected, navigate into ~/.ssh/ on the remote server and look for a file called authorized_keys or authorized_keys2. Open that file in a text editor, and paste the public key onto the end of the file.
Import From Pasteboard
To import a key from the iOS Pasteboard, first select and copy the entire contents of the private key to the pasteboard. After the private key is on the pasteboard, go to Coda’s Settings, tap Keys, then tap the + button and choose Import from Pasteboard. If your key is in a valid and supported format – and if it’s the private key, not the public key – Coda will import the key for you.
Import from Local
Use this option to import a private key from the Local file storage on your iOS device. One example where this is useful is if you’ve got your private key on your Mac. Use Coda to connect to your Mac on the same local network, then transfer the key into Coda’s Local file storage. Once the key is in Coda’s local file storage, it can be imported for use.
Import from iTunes
Use iTunes File Sharing to import your private key. Note that Coda does not support importing arbitrary files via iTunes File Sharing; this only works for keys.
Agent Forwarding
To enable agent forwarding in Code Editor, toggle the Agent Forwarding switch in the Terminal pane of the Site’s settings. If your key uses a passphrase, you’ll need to have entered it when you added the key to the server entry.
Transmit iOS
When creating a new server connection, tap the key icon next to the password field to choose a private key. If the key is encrypted with a passphrase, you can enter it when choosing the key. If you do not enter the passphrase, you will be prompted for it whenever you connect to this server.
You can view, import, and create keys in the Keys pane of Transmit’s Settings.
To add a key for use in Transmit, open the Settings pane, tap Keys, then tap the + button at the top right of the Keys pane. You can choose to either Generate a new key, or Import an existing key.
Generate New Key
To generate a new key, tap the + button on the Keys pane of Transmit’s settings and choose Generate New Key. Choose a descriptive name for your key, and optionally set a passphrase. Choose your key type (we recommend RSA), and size (we recommend 2048 or 4096). Then tap “Generate” to create your keypair. Once it’s finished generating, tap Copy Public Key to put the public key on your pasteboard. We’ll use it in the next step.
Now that you have your keypair, you’ll want to put the public key on the remote server. Usually this means connecting with a username and password one last time. Once connected, navigate into ~/.ssh/ on the remote server and look for a file called authorized_keys or authorized_keys2. Open that file in a text editor, and paste the public key onto the end of the file.
Import From Pasteboard
To import a key from the iOS Pasteboard, first select and copy the entire contents of the private key to the pasteboard. After the private key is on the pasteboard, go to Transmit’s Settings, tap Keys, then tap the + button and choose Import from Pasteboard. If your key is in a valid and supported format – and if it’s the private key, not the public key – Transmit will import the key for you.
Import from Local
Use this option to import a private key from the Local file storage on your iOS device. One example where this is useful is if you’ve got your private key on your Mac. Use Transmit to connect to your Mac on the same local network, then transfer the key into Transmit’s Local file storage. Once the key is in Transmit’s local file storage, it can be imported for use in Transmit.
Import from iTunes
Use iTunes File Sharing to import your private key. Note that Transmit does not support importing arbitrary files via iTunes File Sharing; this only works for keys.
Troubleshooting
Why does it say my key is not in a supported format?
The most common reason you’d see this error is if you select a passphrase-encrypted key via the key chooser button in either Coda or Transmit on macOS. Coda and Transmit want to validate the key before letting you use it, but the encryption prevents that from happening. (Admittedly, this is not ideal, and should be improved.)
As a workaround, add your key to the ~/.ssh/config file, skip the key button altogether, and put the passphrase in the password field.
You’ll also get this error if you use a key in an unsupported format, such as a PuTTY key. Make sure you’re using a supported key.
Why can’t I import my key from the pasteboard?
Most of the time this is a format issue. Are you sure you’re using a supported key?
Double-check that it’s the private key, not the public key. They look different (see the above sections on each), so it should be easy to tell.
One particularly nasty gotcha to watch out for involves the text substitution feature of macOS. For example, let’s say you copy and paste the contents of your private key somewhere easily accessible from your iOS device. You might notice that macOS has helpfully changed runs of hyphens (----) into em-dashes (––).
Your private key used to look like this:
But it now looks like this:
It’s a subtle difference, but it’s enough to break your key. Watch out!
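A way to tell these cases apart before importing a key, as an added example that is not part of the original article: it reports whether a file holds a private key, a public key, or a private key whose hyphen runs were replaced by typographic dashes. The function names and all sample key text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). All sample key text below
# is constructed filler and is not a usable key.

# classify_key_file FILE
# Prints one of: private | public | mangled-dashes | unknown
classify_key_file() {
    key_file=$1
    em_dash=$(printf '\342\200\224')   # U+2014 as UTF-8 bytes
    en_dash=$(printf '\342\200\223')   # U+2013 as UTF-8 bytes
    cr=$(printf '\r')
    saw_begin=no; saw_end=no; saw_public=no

    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}             # tolerate CRLF line endings
        case $line in
            *BEGIN*"PRIVATE KEY"*|*END*"PRIVATE KEY"*)
                case $line in
                    # Armor line that contains a typographic dash: the
                    # text substitution described above has hit this key.
                    *"$em_dash"*|*"$en_dash"*)
                        echo mangled-dashes; return 0 ;;
                    "-----BEGIN "*"PRIVATE KEY-----") saw_begin=yes ;;
                    "-----END "*"PRIVATE KEY-----")   saw_end=yes ;;
                esac ;;
            # One-line public keys: algorithm name, then a base64 blob
            # that always starts with AAAA.
            ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ssh-dss\ AAAA*|ecdsa-sha2-nistp*\ AAAA*)
                saw_public=yes ;;
        esac
    done < "$key_file"

    if [ "$saw_begin" = yes ] && [ "$saw_end" = yes ]; then
        echo private
    elif [ "$saw_public" = yes ]; then
        echo public
    else
        echo unknown
    fi
}

# write_samples DIR: create constructed sample files for the demo.
write_samples() {
    dir=$1
    d=$(printf '\342\200\224')
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==' \
        '-----END RSA PRIVATE KEY-----' > "$dir/good_private"
    # Same armor after "--" pairs were turned into typographic dashes.
    printf '%s\n' "$d$d-BEGIN RSA PRIVATE KEY$d$d-" \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==' \
        "$d$d-END RSA PRIVATE KEY$d$d-" > "$dir/pasted_private"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED you@example' \
        > "$dir/public"
    printf '%s\n' 'just some notes' > "$dir/notes"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in good_private pasted_private public notes; do
    printf '%-15s %s\n' "$f" "$(classify_key_file "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```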
Before you begin
Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'. You keep the private key a secret and store it on the computer you use to connect to the remote system. Conceivably, you can share the public key with anyone without compromising the private key; you store it on the remote system in a .ssh/authorized_keys directory.
To use SSH public-key authentication:
- The remote system must have a version of SSH installed. The information in this document assumes the remote system uses OpenSSH. If the remote system is using a different version of SSH (for example, Tectia SSH), the process outlined below may not be correct.
- The computer you use to connect to the remote server must have a version of SSH installed. This document includes instructions for generating a key pair with command-line SSH on a Linux or macOS computer, and with PuTTY on a Windows computer.
- You need to be able to transfer your public key to the remote system. Therefore, you must either be able to log into the remote system with an established account username and password/passphrase, or have an administrator on the remote system add the public key to the ~/.ssh/authorized_keys file in your account.
- Two-factor authentication using Two-Step Login (Duo) is required for access to the login nodes on IU research supercomputers, and for SCP and SFTP file transfers to those systems. SSH public-key authentication remains an option for researchers who submit the 'SSH public-key authentication to HPS systems' user agreement (log into HPC everywhere using your IU username and passphrase), in which you agree to set a passphrase on your private key when you generate your key pair. If you have questions about how two-factor authentication may impact your workflows, contact the UITS Research Applications and Deep Learning team. For help, see Get started with Two-Step Login (Duo) at IU and Help for Two-Step Login (Duo).
Set up public-key authentication using SSH on a Linux or macOS computer
To set up public-key authentication using SSH on a Linux or macOS computer:
- Log into the computer you'll use to access the remote host, and then use command-line SSH to generate a key pair using the RSA algorithm.
  To generate RSA keys, on the command line, enter:
- You will be prompted to supply a filename (for saving the key pair) and a password (for protecting your private key):
  - Filename: To accept the default filename (and location) for your key pair, press Enter or Return without entering a filename.
    Alternatively, you can enter a filename (for example, my_ssh_key) at the prompt, and then press Enter or Return. However, many remote hosts are configured to accept private keys with the default filename and path (~/.ssh/id_rsa for RSA keys) by default. Consequently, to authenticate with a private key that has a different filename, or one that is not stored in the default location, you must explicitly invoke it either on the SSH command line or in an SSH client configuration file (~/.ssh/config); see below for instructions.
  - Password: Enter a password that contains at least five characters, and then press Enter or Return. If you press Enter or Return without entering a password, your private key will be generated without password-protection.
    If you don't password-protect your private key, anyone with access to your computer conceivably can SSH (without being prompted for a password) to your account on any remote system that has the corresponding public key.
  Your private key will be generated using the default filename (for example, id_rsa) or the filename you specified (for example, my_ssh_key), and stored on your computer in a .ssh directory off your home directory (for example, ~/.ssh/id_rsa or ~/.ssh/my_ssh_key).
  The corresponding public key will be generated using the same filename (but with a .pub extension added) and stored in the same location (for example, ~/.ssh/id_rsa.pub or ~/.ssh/my_ssh_key.pub).
- Use SFTP or SCP to copy the public key file (for example, ~/.ssh/id_rsa.pub) to your account on the remote system (for example, darvader@deathstar.empire.gov); for example, using command-line SCP:
  You'll be prompted for your account password. Your public key will be copied to your home directory (and saved with the same filename) on the remote system.
- Log into the remote system using your account username and password.
  If the remote system is not configured to support password-based authentication, you will need to ask system administrators to add your public key to the ~/.ssh/authorized_keys file in your account (if your account doesn't have ~/.ssh/authorized_keys file, system administrators can create one for you). Once your public key is added to your ~/.ssh/authorized_keys file on the remote system, the setup process is complete, and you should now be able to SSH to your account from the computer that has your private key.
- If your account on the remote system doesn't already contain a ~/.ssh/authorized_keys file, create one; on the command line, enter the following commands:
  If your account on the remote system already has a ~/.ssh/authorized_keys file, executing these commands will not damage the existing directory or file.
- On the remote system, add the contents of your public key file (for example, ~/id_rsa.pub) to a new line in your ~/.ssh/authorized_keys file; on the command line, enter:
  You may want to check the contents of ~/.ssh/authorized_keys to make sure your public key was added properly; on the command line, enter:
- You may now safely delete the public key file (for example, ~/id_rsa.pub) from your account on the remote system; on the command line, enter:
  Alternatively, if you prefer to keep a copy of your public key on the remote system, move it to your .ssh directory; on the command line, enter:
- Optionally, repeat steps 3-7 to add your public key to other remote systems that you want to access from the computer that has your private key using SSH public-key authentication.
- You now should be able to SSH to your account on the remote system (for example, username@host2.somewhere.edu) from the computer (for example, host1) that has your private key (for example, ~/.ssh/id_rsa):
  - If your private key is password-protected, the remote system will prompt you for the password or passphrase (your private key password/passphrase is not transmitted to the remote system):
  - If your private key is not password-protected, the remote system will place you on the command line in your home directory without prompting you for a password or passphrase:
  If the private key you're using does not have the default name, or is not stored in the default path (not ~/.ssh/id_rsa), you must explicitly invoke it in one of two ways:
  - On the SSH command line: Add the -i flag and the path to your private key.
    For example, to invoke the private key host2_key, stored in the ~/.ssh/old_keys directory, when connecting to your account on a remote host (for example, username@host2.somewhere.edu), enter:
  - In an SSH client configuration file: SSH gets configuration data from the following sources (in this order):
    - From command-line options
    - From the user's client configuration file (~/.ssh/config), if it exists
    - From the system-wide client configuration file (/etc/ssh/ssh_config)
    The SSH client configuration file is a text file containing keywords and arguments. To specify which private key should be used for connections to a particular remote host, use a text editor to create a ~/.ssh/config that includes the Host and IdentityFile keywords.
    For example, for connections to host2.somewhere.edu, to make SSH automatically invoke the private key host2_key, stored in the ~/.ssh/old_keys directory, create a ~/.ssh/config file with these lines included:
    Once you save the file, SSH will use the specified private key for future connections to that host.
    You can add multiple Host and IdentityFile directives to specify a different private key for each host listed; for example:
    Alternatively, you can use a single asterisk (*) to provide global defaults for all hosts (specify one private key for several hosts); for example:
    For more about the SSH client configuration file, see the OpenSSH SSH client configuration file on the web or from the command line (man ssh_config).
Set up public-key authentication using PuTTY on a Windows 10 or Windows 8.x computer
The PuTTY command-line SSH client, the PuTTYgen key generation utility, the Pageant SSH authentication agent, and the PuTTY SCP and SFTP utilities are packaged together in a Windows installer available under The MIT License for free download from the PuTTY development team.
After installing PuTTY:
- Launch PuTTYgen.
- In the 'PuTTY Key Generator' window, under 'Parameters':
  - For 'Type of key to generate', select RSA. (In older versions of PuTTYgen, select SSH2-RSA.)
  - For 'Number of bits in a generated key', leave the default value (2048).
- Under 'Actions', click Generate.
- When prompted, use your mouse (or trackpad) to move your cursor around the blank area under 'Key'; this generates randomness that PuTTYgen uses to generate your key pair.
- When your key pair is generated, PuTTYgen displays the public key in the area under 'Key'. In the 'Key passphrase' and 'Confirm passphrase' text boxes, enter a passphrase to passphrase-protect your private key.
  If you don't passphrase-protect your private key, anyone with access to your computer will be able to SSH (without being prompted for a passphrase) to your account on any remote system that has the corresponding public key.
- Save your public key:
  - Under 'Actions', next to 'Save the generated key', click Save public key.
  - Give the file a name (for example, putty_key), select a location on your computer to store it, and then click Save.
- Save your private key:
  - Under 'Actions', next to 'Save the generated key', click Save private key.
    If you didn't passphrase-protect your private key, the utility will ask whether you're sure you want to save it without a passphrase. Click Yes to proceed or No to go back and create a passphrase for your private key.
  - Keep 'Save as type' set to PuTTY Private Key Files (*.ppk), give the file a name (for example, putty_private_key), select a location on your computer to store it, and then click Save.
  - If you wish to connect to a remote desktop system such as Research Desktop (RED), click Conversions > Export OpenSSH key, give the file a name (for example, putty_rsa), select a location on your computer to store it, and then click Save.
- Log into the remote system using your account username and password.
  If the remote system does not support password-based authentication, you will need to ask system administrators to add your public key to the ~/.ssh/authorized_keys file in your account (if your account doesn't have a ~/.ssh/authorized_keys file, system administrators can create one for you). Once your public key is added to your account's ~/.ssh/authorized_keys file on the remote system..
- If your account on the remote system doesn't already contain a ~/.ssh/authorized_keys file, create one; on the command line, enter the following commands:
  If your account on the remote system already has ~/.ssh/authorized_keys, executing these commands will not damage the existing directory or file.
- On your computer, in the PuTTYgen utility, copy the contents of the public key (displayed in the area under 'Key') onto your Clipboard. Then, on the remote system, use your favorite text editor to paste it onto a new line in your ~/.ssh/authorized_keys file, and then save and close the file.
- On your computer, open the Pageant SSH authentication agent. This utility runs in the background, so when it opens, you should see its icon displayed in the Windows notification area.
- In the Windows notification area, right-click on the Pageant icon, select Add Key, navigate to the location where you saved your private key (for example, putty_private_key.ppk), select the file, and then click Open.
- If your private key is passphrase-protected, Pageant will prompt you to enter the passphrase; enter the passphrase for your private key, and then click OK.
  If your private key is not passphrase-protected, Pageant will add your private key without prompting you for a passphrase.
  Either way, Pageant stores the unencrypted private key in memory for use by PuTTY when you initiate an SSH session to the remote system that has your public key.
- On your computer, open the PuTTY SSH client:
  - On the Session screen:
    - Under 'Host Name (or IP address)', enter your username coupled with the hostname of the remote server that has your public key; for example:
    - Under 'Connection type', make sure SSH is selected.
  - In the 'Category' list on the left, navigate to the Auth screen (Connection > SSH > Auth). On the Auth screen, under 'Authentication methods', select Attempt authentication using Pageant.
  - Return to the Session screen, and under 'Saved Sessions', enter a name (for example, Deathstar), and then click Save.
  - Click Open to connect to your account on the remote system. With Pageant running in the background, PuTTY will retrieve the unencrypted private key automatically from Pageant and use it to authenticate. Because Pageant has your private key's passphrase saved (if applicable), the remote system will place you on the command line in your account without prompting you for the passphrase.
  Technically, at this point, the setup is complete. In the future, whenever you log into your Windows desktop, you can run Pageant, add the private key, and then use PuTTY to SSH to any remote resource that has your public key. Alternatively, you can create a shortcut in your Windows Startup folder to launch Pageant and load your private key automatically whenever you log into your desktop. For instructions, finish the rest of the following steps.
- Open your Startup folder. Press Win-r, and in the 'Open' field, type shell:startup, and then press Enter.
- Right-click inside the Startup folder, and then select New and Shortcut.
- In the 'Type the location of the item' text box, enter the path to the Pageant executable (pageant.exe) followed by the path to your private key file (for example, putty_private_key.ppk); enclose both paths in double quotes; for example:
- Click Next, and then, in the 'Type a name for this shortcut' text box, enter a name for the shortcut (for example, PAGEANT).
- Click Finish.
The next time you log into your Windows desktop, Pageant will start automatically, load your private key, and (if applicable) prompt you for the passphrase.
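The remote-side steps above (create ~/.ssh/authorized_keys if it is missing, then put the public key on a new line) written as a POSIX shell function. This is an added example, not part of the original page; the name install_pubkey, its arguments and its return codes are assumptions. It refuses private key files and the multi-line file that PuTTYgen's 'Save public key' writes, since authorized_keys needs the one-line form shown in the area under 'Key'.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and its
# arguments are hypothetical names chosen for this illustration.
# Usage: install_pubkey KEYFILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    keyfile=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"
    nl='
'
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # Never let a private key (.ppk or PEM/OpenSSH) reach the server.
    if grep -q -e '^PuTTY-User-Key-File' -e 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile is a private key" >&2
        return 2
    fi

    # Drop Windows CRs and blank lines, then require the single-line OpenSSH
    # form "<type> <base64> [comment]". The multi-line file written by
    # PuTTYgen's 'Save public key' (---- BEGIN SSH2 PUBLIC KEY ----) fails here.
    key=$(tr -d '\r' < "$keyfile" | sed '/^[[:space:]]*$/d')
    case $key in
        *"$nl"*) echo "refusing: expected exactly one key line" >&2; return 3 ;;
    esac
    case $key in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-"*" AAAA"*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # Create what is missing and tighten modes; existing content is kept.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: compare on "<type> <base64>", ignoring the comment field.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # Start on a fresh line even if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Paste the key from PuTTYgen into a file on the remote system, source this script, and call install_pubkey on that file; running it twice leaves a single copy of the key.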