Benefits of SSH keys
If VPS/Dedicated server is visible over the Internet, you should use public key authentication instead of passwords, if at all possible. This is because SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone. With public key authentication, every computer has (i) a public and (ii) a private “key” (two mathematically-linked algorithms that are effectively impossible to crack).
Setup SSH Keys on your Windows computer/laptop using PuttyGEN
Download PuttyGEN from the Homepage website.
Scroll down until you find puttygen.exe and download either 32 or 64bit version.
Start PuttyGEN by double clicking on its icon
From top menu, click on “Key” and select “SSH-2 RSA” and in the bottom right box change the number 2048 to 4096
Click “Generate” button
Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full
Click the “Save public key” button & choose whatever filename you’d like (some users create a folder in their computer named my_keys)
Click the “Save private key” button & choose whatever filename you’d like
NOTE! Both public and private files will have to stay on your computer, do not delete them.
Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy
Login to your VPS or Dedicated server
Run the following commands:
mkdir ~/.ssh chmod 0700 ~/.ssh touch ~/.ssh/authorized_keys chmod 0644 ~/.ssh/authorized_keys
Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file
Lets setup Putty on your windows computer/laptop
Start PuTTY by double-clicking its executable file
PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window)
In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN)
Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port.
Along the left-hand side of the window, select the Data sub-category, under Connection
Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field
Expand the SSH sub-category, under Connection
Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window
Browse your file system and select your previously-created private key
Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. firstname.lastname@example.org or email@example.com
Click the Save button
Now you can go ahead and log in to your server and you will not be prompted for a password.
Finally let’s disable username/password login on your vps/dedicated server
Lets change both “PasswordAuthentication” and “UsePAM” options to “no”
[...] PasswordAuthentication no [...] UsePAM no [...]
Restart your SSH server
service sshd restart or sudo reload ssh