This article assumes you have already installed the PuTTY suite of applications.
Ssh Command Private Key
Public/private key authentication, as the name suggests, uses two special cryptographic text files (called keys) to authenticate your login. The private key remains on your computer and should be kept safe from unauthorised access. The public key can be freely installed on remote systems. It doesn't matter if your public key gets stolen or lost. Because only you have the private key you can always regenerate the public key again from it. The key files are just plain text - nothing magical. You can open them in notepad if you are curious!
$ ssh-keygen On execution, we are prompted to specify a file in which to save the private key, the default being /home/user/.ssh/idrsa; here idrsa is the name of our Private Key file. You can always specify a different path and name for the Private Key file. WARNING: UNPROTECTED PRIVATE KEY FILE! Permissions 0755 for '/home/etc.ssh/idrsa' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. Bad permissions: ignore key: then the FILE PATH in.
- Generate your public/private key pair
Start PuTTYgen, and choose a type of key to generate and keysize. If you are unsure what to choose, just copy the settings shown below.Click the Generate button.
PuTTYgen will then ask you to wiggle your mouse around for a while to help it generate the key.When you've shuffled your key around the area enough, the green bar will reach the right side and PuTTYgen will create your keypair and you will see something like this:Just fill in the Key comment field (your name is a good idea), and enter a STRONG passphrase including upper and lowercase letters, numbers, and symbols. Keep this passphrase somewhere secure so you can get to it later (you'll need it anytime you want to use your private key from a new computer).
If your private key ever gets stolen, this password is your last line of defence. A private key with a weak or no passphrase is a gift to hackers! Generally speaking, a good 16 character passphrase will keep the world's most powerful computers at bay until the sun burns out!
Click the Save private key button and save your private key with the .ppk extension (you'll need this file later in this guide).
Your public key doesn't need saving because it can always be generated instantly from the private key - but don't close PuTTYgen yet because we're going to do some cPanel magic. - Setting up your cPanel account with your public key
Log into your cPanel account, and click on the SSH Access icon in the Security group of icons.Click the Manage SSH Keys button.Click the Import Key button to get the Import SSH Key screen.Now, switch back to PuTTYgen, and select ALL of the text in the box at the top entitled Public key for pasting into OpenSSH authorized_keys file: and copy it.Switch back to cPanel again, and paste in your public key into the public key text box. Give your public key a name, as shown (this becomes the filename your public key is saved as) and click the Import button. If you don't give your key a name, it will default to being called id_dsa.The next step is to authorise your public key.Back on the Manage SSH Keys cPanel screen, click Manage for your key (as shown)
Then, on the Manage Authorization screen just click the Authorize button and you should receive a confirmation that the key has been authorised. That's it, you're now ready to use your private key! - Configuring Pageant to decode your private key for PuTTY and Filezilla
OK, remember back in Step 1, we saved your private key with a .ppk extension?
Open the Pageant application (part of the PuTTY tools that you installed already).
Did nothing happen? That's OK - Pageant only runs as a small taskbar icon (It looks like a little PC with a hat on).Now, right-click the little Pageant icon, and a context menu will pop up. Select Add Key from the popup menu.This will open a file selection window. Simply browse to wherever you saved your .ppk (private key) file in Step 1 and click Open.
You did remember to store that strong passphrase from Step 1 somewhere, didn't you? Enter it in the text box and click OK.That's it. Pageant now has your private key open and ready for use by other applications. You can check your keys by right-clicking Pageant and selecting View Keys.
Or, and this is the neat part, you can right-click Pageant, and hover your mouse over the Saved Sessions menu item to reveal any Saved Sessions from PuTTy. You only need to click on your saved session to connect automatically to your SSH session without having to start PuTTY yourself.
Enhancing SFTP Access using Filezilla with public/private keys
Assuming you have already Setup Filezilla to connect using SFTP with your account password, then there is very little to do
Just open Filezilla's Site Manager from the File menu, locate your connection profile under My Sites, and remove the password.
Private Key Ssh File Location
As long as Pageant is doing its thing in the taskbar, then Filezilla will automatically try to connect using your private key.
How did we do?
Related Articles
I was just setting up my AWS CLI on a new Windows 10 machine and I ran into this error when trying to remote into my EC2 instance.
This is not related to AWS in any shape or form – it is a straightforward SSH requirement that is enforced on both Windows and Unix systems.
The issue is that we haven’t protected our private key file so if we’re going to use it to connect to an SSH endpoint then the OS forces us to conform to security standards by flagging up that UNPROTECTED PRIVATE KEY FILE error.
Unprotected Private Key File Ssh Mac
The solution is simple – we must fix exactly what it tell us to do in those bold capital letters. So let’s fix the security settings for our file.
The private key file that I’m trying to use as you may see from the screenshot is “ec2-demo.pem”. So we start by finding it in Windows Explorer.
now right-click on it and go to “Properties” and then the “Security” tab and then click on “Advanced”.
On the Advanced tab we need to do the folowing:
- Make sure that you, the user who is logged in, is the file owner
- Disable inheritance. If it prompts you to remove all current inherited permissions then accept it.
- We need to give us Full Control. First, make sure that the Permission Entries panel is empty, i.e. there are no explicit permissions set. Then click on Add, then click on Select a Principal at the top and then click on “Advanced” and use “Find Now” to find the user you are logged in as. Once you find it, tick the Full Control box and click ok.
Close all windows and try running your SSH command again. It should work now.
If it doesn’t, here’s the check list: double check that you are the owner of the file, that you have Full Control permissions assigned and finally that there are no other permissions set except the one giving you full control.