Utilities

How to generate a Public/Private key pair using PuTTY

Peter

Peter

2 min read

1. Prerequisites

Install PuTTY on a Windows device. (Follow my guide here.)

2. Start PuTTYgen

Start PuTTYgen (this will have been installed as part of the PuTTY install)

A PuTTY Key Generator window is open with options to generate a new key pair, load an existing private key, or save keys. The selected key type is EdDSA (Ed25519, 255 bits).

3. Choose the type of key to generate

The choice here is between RSA and EdDSA, the trade-off is between performance and compatibility. RSA is universally supported among SSH clients while EdDSA performs much faster and provides the same level of security with significantly smaller keys. (For a full discussion see here.) ECDSA and DSA are both now considered insecure so do not use these.EdDSA is compatible with Raspberry Pi OS and TrueNAS Scale so is a good choice.

4. Generate the key

Click ‹Generate› and then move the mouse pointer within the area below the progress bar. This introduces some randomness.

A PuTTY Key Generator window with a progress bar indicating the need for randomness, suggesting the user should move the mouse to generate entropy necessary for key generation.
The PuTTY Key Generator application window displaying a generated public key for SSH, a key fingerprint, and fields for key comment and passphrase.

This has generated the public key we will use later. In this case:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC7OlzesPfehPyD87m0uGElWk13BPpiTAg0ydLHchkNO eddsa-key-20240401

Note there are no carriage returns in the text, only spaces.

5. Save the Keys

It seems intuitive to click <Save public key> to save a text file containing the public key but note this will not save the key in a format that can be imported to Authorized_keys. Copy the text from the Key box and save and use this.

Now click <Save private key> to save a copy of the private key. At this point you can also enter a Key passphrase this will increase the level of security but will have to be entered every time you log in.

A PuTTY Key Generator window displaying an EdDSA public key ready to be saved, with options to generate a key pair, load an existing key, and save keys. Save public key is selected.
A screenshot of the PuTTY Key Generator with a completed EdDSA key, a key passphrase entered, and the option to save the private key highlighted.

If you have access to the console of the device you wish to enable eccess with keys the easiest method is to execute the following comands:

mkdir -p ~/.ssh

The next command will write the public key to the file authorized_keys in the hidden folder .ssh you just created.echo "put your key here" >> ~/.ssh/authorized_keysSo for the above key it will look like this:

echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC7OlzesPfehPyD87m0uGElWk13BPpiTAg0ydLHchkNO eddsa-key-20240401 >> ~/.ssh/authorized_keys

Now lets secure the directory and file so that only the used has access to the files. First remove group and other rights to .ssh recursivley.

chmod -R go= ~/.ssh

The owner of the directory and files withingn it should already be set but just to be sure replace owner in the following with the user you are logged in as:

chown -R owner:owner ~/.ssh

Read more