This document describes how to set up SSH public-key authentication to connect to both OpenSSH and SSH.com SSH servers from machines running Windows with PuTTY, Unix with OpenSSH, and Unix with SSH.com SSH.
SSH public-key authentication lets you use one identity (i.e. one password) to connect to any number of SSH servers.
The SSH1 protocol should not be used; its vulnerabilities are well known. Please use SSH2.
Please send any corrections, comments, and suggestions to the address at the end of the page.
PuTTY is available from http://www.chiark.greenend.org.uk/~sgtatham/putty.
Run puttygen.exe and generate an SSH2 public/private key pair. Save these as daniel.pub and daniel.ppk.
If the remote host runs OpenSSH, copy the public key to ~/.ssh/daniel.pub on the remote host using any file-transfer program.
On the remote host, convert the public key to OpenSSH format:
remote-host$ ssh-keygen -i -f ~/.ssh/daniel.pub > ~/.ssh/daniel2.pub
On the remote host, paste the contents of the public key in ~/.ssh/authorized_keys2:
remote-host$ cat ~/.ssh/daniel2.pub >> ~/.ssh/authorized_keys2
If the remote host runs SSH.com SSH, copy the public key to ~/.ssh2/daniel.pub on the remote host using any file-transfer program.
On the remote host, add the following line to ~/.ssh2/authorization:
key daniel.pub
Add a new shortcut for pageant.exe to the Startup folder:
"C:\PATH\TO\pageant.exe" "C:\PATH\TO\daniel.ppk"
Run the shortcut or reboot.
Use putty.exe to connect to remote hosts.
Point applications (e.g. TortoiseCVS) to use plink.exe as the SSH application.
OpenSSH is available from http://www.openssh.org.
Run ssh-keygen to create the public/private key pair:
local-host$ ssh-keygen -t rsa -f ~/.ssh/daniel
Add the following lines to ~/.ssh/config:
Host *
    IdentityFile ~/.ssh/daniel
If the remote host runs OpenSSH, paste the contents of the public key in ~/.ssh/authorized_keys2 on the remote host:
local-host$ ssh remote-host 'cat >> ~/.ssh/authorized_keys2' < ~/.ssh/daniel.pub
If the remote host runs SSH.com SSH, convert the public key to SECSH Public Key File Format:
local-host$ ssh-keygen -e -f ~/.ssh/daniel.pub > ~/.ssh/daniel2.pub
Copy the public key to the remote host:
local-host$ scp ~/.ssh/daniel2.pub remote-host:.ssh2/daniel.pub
On the remote host, add the following line to ~/.ssh2/authorization:
key daniel.pub
Run ssh-agent at the beginning of the X session or login session:
eval `ssh-agent`
Run ssh-add to add the private key to the authentication agent.
SSH.com SSH is available from http://www.ssh.com.
Run ssh-keygen2 to create the public/private key pair:
local-host$ ssh-keygen2 -o ~/.ssh2/daniel
Add the following line to ~/.ssh2/identification:
IdKey daniel
If the remote host runs OpenSSH, copy the public key to the remote host:
local-host$ scp ~/.ssh2/daniel.pub remote-host:.ssh/daniel.pub
On the remote host, convert the public key to OpenSSH format:
remote-host$ ssh-keygen -i -f ~/.ssh/daniel.pub > ~/.ssh/daniel2.pub
On the remote host, paste the contents of the public key in ~/.ssh/authorized_keys2:
remote-host$ cat ~/.ssh/daniel2.pub >> ~/.ssh/authorized_keys2
If the remote host runs SSH.com SSH, copy the public key to the remote host:
local-host$ scp ~/.ssh2/daniel.pub remote-host:.ssh2/daniel.pub
On the remote host, add the following line to ~/.ssh2/authorization:
key daniel.pub
Run ssh-agent2 at the beginning of the X session or login session:
eval `ssh-agent2`
Run ssh-add2 to add the private key to the authentication agent.