SSH supports two ways of authenticating to a server: password-based authentication and SSH key-based authentication. Key-based authentication is more secure than traditional password-based authentication and is less vulnerable to attacks. It is a recommended step for securing root logins, and a necessary step for sysadmins who want to protect their servers from external attacks. This tutorial explains how to connect to your server with SSH key-based authentication using PuTTY on Windows.

Step-1 (Add a normal user on your Linux distribution)

On Ubuntu / Debian
root@techbrown:~# adduser techbrown
On CentOS / RHEL

Add a normal user

root@techbrown:~# adduser techbrown

Set a password for the normal user

root@techbrown:~# passwd techbrown

Step-2 (Grant sudo privileges to the normal user)

On Ubuntu / Debian
root@techbrown:~# gpasswd -a techbrown sudo
On CentOS / RHEL
root@techbrown:~# gpasswd -a techbrown wheel

Step-3 (Generate the public and private SSH keys)

root@techbrown:~# ssh-keygen -t rsa


Step-4 (Copy the public SSH key for further use)

root@techbrown:~# cat /root/.ssh/

Copy the public key printed by the command above into Notepad for later use.

Step-5 (Add the public SSH key to the normal user)

Switch from the root user to the normal user

root@techbrown:~# su - techbrown

Create the SSH directory

techbrown@techbrown:~$ mkdir .ssh

Set secure 700 permissions on the directory

techbrown@techbrown:~$ chmod 700 .ssh

Add the generated public key to the file

techbrown@techbrown:~$ vi .ssh/authorized_keys

Set secure 600 permissions on the file

techbrown@techbrown:~$ chmod 600 .ssh/authorized_keys

Sign out from the normal user

techbrown@techbrown:~$ exit

Step-6 (Disable root login over SSH)

On Ubuntu / Debian
root@techbrown:~# vi /etc/ssh/sshd_config

Find the line

PermitRootLogin yes

Change it to

PermitRootLogin no
On CentOS / RHEL
root@techbrown:~# vi /etc/ssh/sshd_config

Find the line

#PermitRootLogin yes

Change it to

PermitRootLogin no

Step-7 (Restart the SSH service to apply the changes)

Finally, restart the SSH service so that the changes take effect.

On Ubuntu / Debian
root@techbrown:~# systemctl restart ssh
On CentOS / RHEL
root@techbrown:~# systemctl restart sshd
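
The permission and configuration changes from Step-5 and Step-6 can be checked with a short script. This is an added example, not part of the original tutorial: the function names and sample files are constructed for illustration, and the PasswordAuthentication check is an addition, since the steps above do not change that keyword.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.

# effective_option FILE KEYWORD
# Print the value sshd applies for KEYWORD in FILE's global section.
# Keywords are case-insensitive, the first uncommented occurrence wins, and
# lines after a "Match" header are conditional, so parsing stops there.
# FILE may be "-" to read `sshd -T` output from stdin on a live server.
effective_option() {
    awk -v key="$2" 'BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# perms_ok PATH MODE: true only if PATH exists with exactly octal MODE (GNU stat).
perms_ok() { [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]; }

# audit_ssh CONFIG USER_HOME: print one line per check; return 1 on any FAIL.
audit_ssh() {
    rc=0
    v=$(effective_option "$1" PermitRootLogin)
    if [ "$v" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}', expected 'no'"; rc=1; fi
    v=$(effective_option "$1" PasswordAuthentication)
    # sshd defaults this keyword to "yes", so leaving it out keeps passwords on.
    if [ "$v" = "no" ]; then echo "OK   PasswordAuthentication no"
    else echo "WARN PasswordAuthentication is not 'no'; passwords still accepted"; fi
    perms_ok "$2/.ssh" 700 || { echo "FAIL $2/.ssh is not mode 700"; rc=1; }
    perms_ok "$2/.ssh/authorized_keys" 600 ||
        { echo "FAIL $2/.ssh/authorized_keys is not mode 600"; rc=1; }
    return $rc
}

# Constructed sample: the appended "no" never takes effect because the
# earlier uncommented "yes" wins; authorized_keys is left at 644.
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$demo/sshd_config"
mkdir -p "$demo/home/.ssh" && chmod 700 "$demo/home/.ssh"
: > "$demo/home/.ssh/authorized_keys"
chmod 644 "$demo/home/.ssh/authorized_keys"
audit_ssh "$demo/sshd_config" "$demo/home" || echo "audit: fix the FAIL lines"
rm -rf "$demo"
```

On the server itself, piping `sshd -T` (run as root) into `effective_option - permitrootlogin` shows the value after any `Include` drop-in files are applied, and `sshd -t` syntax-checks the file before the restart.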

Step-8 (Copy the private SSH key)

root@techbrown:~# cat /root/.ssh/id_rsa

Step-9 (Save the private SSH key to a Notepad file)

Open Notepad, paste the private SSH key into it, and save the file with the .txt extension.

Step-10 (Download and install PuTTY)

You can download the PuTTY package (putty-installer.msi) from the official website and install it on your Windows system.

Step-11 (Save the SSH private key in .ppk format)

Open PuTTYgen from the Start menu
Load the private SSH key that you saved with the .txt extension
Finally, save the private key in PuTTY's own .ppk format

Step-12 (SSH key-based authentication using the SSH private key)

Open PuTTY from the Start menu
Select the normal user that you created during this tutorial
Select the private SSH key file for authentication
Enter the server's IP address and click Open to open the terminal
If you are successfully authenticated, you will see the terminal window.
If anyone tries a password-based SSH login, they will get an access denied message; this makes your server more secure and less vulnerable to attacks.

That’s all for now.