SSH on Windows - Certificate based login

Run puttygen.exe. We are going to use this tool to generate 2048 bits RSA encryption keys (public/private PKI). You will also need some tool to transfer the public key to the SSH server (assuming an UNIX/Linux server), i.e. WinSCP.

Generate key pair

Change default 1024 to 2048 in the "Number of bits in generated key" field. Remember to set a password on the private key (the keyphrase). Click on the "Generate" button create the key pair:

Save keys

Save the private key in a safe location on your disk. The private key should be saved as an "Putty Private Key File":

Save the public key to the same location as your private key:


Now upload the public key to the server:

Authorized keys

To enable certicate based login two things must be done on the server side:

  1. Ensure that "PubkeyAuthentication" is enabled in sshd_config.
  2. Add the uploaded public key to your ~/.ssh/authorized_keys

Now try connect using putty.exe. You should be prompted for the private key password, but login to the server should be without an password prompt.