In AWS, when you launch any EC2 Linux instance, you should select a key pair for that particular instance.


The AWS key pair will be in the standard private key format, with a .pem file extension.

But if you are using PuTTY on your Windows laptop to log in to an AWS instance, you have a problem.

PuTTY doesn’t support the PEM format. PuTTY understands only its own PPK format.

PPK stands for Putty Private Key.
So, you should convert your .pem file to .ppk file.

For this conversion, putty provides a tool called PuTTYgen.

1. Download AWS PEM file

In AWS, when you first create a key pair file, that you want to use for your EC2 instances, AWS will allow you to download the PEM file to your local machine. Save this PEM file somewhere on your machine.

In this example, the .pem file I have is called thegeekstuff.pem, which is under C drive.

We’ll be converting this thegeekstuff.pem file to thegeekstuff.ppk and use the .ppk to login to EC2 instance using PuTTY.

BTW, the steps to convert pem to ppk for PuTTY are exactly the same for all the Linux AMI images, including CentOS, RedHat, Ubuntu, SuSE, Fedora, Amazon Linux, etc.

2. Download PuTTYGen

Download PuTTYgen from here.

If you’ve used the PuTTY MSI installer, then all the PuTTY utilities come with it, including puttygen.

If you are using only putty.exe as a standalone, then you can also download the standalone puttygen.exe.

Launch PuTTYgen by double-clicking on it.

PuTTYGen is an RSA and DSA key generation utility. But, in our case, we’ll be using it to convert the pem file to a ppk file.

The main PuTTYGen screen will have the following three sections:

Key Section: This will display the key that is currently loaded, i.e. the key that you are currently working on. When you first launch puttygen, this section will say “No Key”.

Actions Section: This section will display all the possible actions that you can perform inside PuTTYGen. The following are the available actions:

  1. Generate – This will let you generate a brand new public/private key pair
  2. Load – If you already have an existing private key, you can use that by loading it here
  3. Save – Once you’ve generated a new key, or loaded an existing key, you can save either the public-key or the private-key to your local machine. Initially the save buttons will be disabled, as we have not loaded a key yet.

Parameters Section: Here you’ll specify the type of key to generate. You have three options here: SSH-1 (RSA), SSH-2 (RSA), SSH-2 DSA. You can also set the number of bits for the generated key. By default the type will be SSH-2 (RSA) and 2048-bit.

For our purpose of converting PEM to PPK, leave all the parameters at their default values, i.e. SSH-2 (RSA) and 2048 bit.


3. Load PEM file to PuTTYGen for Conversion

In the following PuTTYGen main screen, click on “Load” button, and select your AWS PEM file.

Please note that when you click on “Load”, the file selection window will by default show “PuTTY Private Key Files (*.ppk)” as the file type. Click on this drop-down list and choose “All Files” as shown below. After this, you can browse to the directory where your *.pem file is located, and load it.

Once the *.pem file is loaded, you’ll get a pop-up message saying “Successfully imported foreign key (OpenSSH SSH-2 private key)”. Click on “OK” in this screen.

4. Save your Converted PPK Private Key

Now that we have the keys loaded, you’ll see in the top “Key” section, our key information will be displayed. This will display the key fingerprint, key comment. The key passphrase in this case will be empty, as we didn’t have any passphrase for our AWS PEM file in this example.

Also, in the action section, we’ll see the save button enabled.

Click on the “Save Private Key” button, to save our converted ppk private key.

This will display a warning message saying: “Are you sure you want to save this key without a passphrase to protect it?”. Click on “YES”.

Now, give a name to this file. In our case, I’ve named this converted file as thegeekstuff.ppk

5. Use the PPK File in PuTTY

Now, that we have the thegeekstuff.pem AWS PEM file converted to thegeekstuff.ppk PuTTY key file, we can use this to login to our AWS EC2 instance.

For this, launch the putty, and do the following:

First, in the “Host Name (or IP address)” field, enter the public-dns or ip of your AWS EC2 instance.

Second, in the “Saved Sessions” field, enter the name that you would like to give this AWS EC2 instance in PuTTY, and click on “Save” to save this session in your PuTTY list.

Third, on the left-hand side panel, expand “Connection” -> expand “SSH” -> select “Auth”. Click on “Browse”, and select your converted ppk file for the “Private key file for authentication” as shown below.

Fourth, at this stage you can click on “Open” to start the connection, but you’ll lose the values that you just entered. So, on the left panel click on “Session” again, and click on “Save” again. This will save the information about the private key that you provided to the PuTTY session that you saved earlier.

6. PEM and PPK File Formats

Once you’ve converted the file, you can view the content of PEM and PPK file in a text editor, and you’ll see that the content looks different, as they are of different formats.

PEM Key File from Amazon EC2 (e.g: thegeekstuff.pem)

The PPK file format (e.g: thegeekstuff.ppk). This is the file that we converted using the PuTTYGen tool. This is the key file format that will work in PuTTY to log in to your Amazon AWS EC2 Linux instance using the SSH protocol as shown above.
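Because both formats are plain text, a short script can tell them apart and report whether a key file was saved with a passphrase, as in step 4. The following is an added example, not part of the original article; the function name and the sample key bodies are constructed for illustration.

```python
import base64
import struct

def classify_private_key(text: str) -> tuple[str, bool]:
    """Return (format, passphrase_protected) for the text of a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        # PPK is a plain-text format with "Name: value" header fields.
        version = first.split(":")[0].rsplit("-", 1)[1]
        fields = dict(ln.split(": ", 1) for ln in lines if ": " in ln)
        return f"PPK v{version}", fields.get("Encryption", "none") != "none"
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # The base64 body opens with a magic string, then the cipher name.
        body = base64.b64decode("".join(lines[1:-1]))
        magic = b"openssh-key-v1\0"
        if not body.startswith(magic):
            raise ValueError("bad OpenSSH private key magic")
        (n,) = struct.unpack(">I", body[len(magic):len(magic) + 4])
        cipher = body[len(magic) + 4:len(magic) + 4 + n].decode("ascii")
        return "OpenSSH key-v1", cipher != "none"
    if first == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "PKCS#8 PEM", True
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Traditional PEM flags encryption with a Proc-Type header line.
        encrypted = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)
        kind = "PKCS#8 PEM" if first == "-----BEGIN PRIVATE KEY-----" else "traditional PEM"
        return kind, encrypted
    raise ValueError("not a recognised private key file")

# Constructed samples: the headers are realistic, the bodies are placeholders.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
QUJD
-----END RSA PRIVATE KEY-----"""
SAMPLE_PPK = """PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 1
QUJD
Private-Lines: 1
QUJD
Private-MAC: 00"""

if __name__ == "__main__":
    for name, sample in (("thegeekstuff.pem", SAMPLE_PEM), ("thegeekstuff.ppk", SAMPLE_PPK)):
        fmt, protected = classify_private_key(sample)
        print(f"{name}: {fmt}, passphrase-protected: {protected}")
```

Running a check like this over a key directory is a quick way to find private keys that were saved without a passphrase.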


This article describes ways to generate and use secure shell (SSH) keys on a Windows computer to create and connect to a Linux virtual machine (VM) in Azure. To use SSH keys from a Linux or macOS client, see the quick or detailed guidance.

Overview of SSH and keys

SSH is an encrypted connection protocol that allows secure sign-ins over unsecured connections. SSH is the default connection protocol for Linux VMs hosted in Azure. Although SSH itself provides an encrypted connection, using passwords with SSH connections still leaves the VM vulnerable to brute-force attacks or guessing of passwords. A more secure and preferred method of connecting to a VM using SSH is by using a public-private key pair, also known as SSH keys.

  • The public key is placed on your Linux VM, or any other service that you wish to use with public-key cryptography.

  • The private key remains on your local system. Protect this private key. Do not share it.

When you use an SSH client to connect to your Linux VM (which has the public key), the remote VM tests the client to make sure it possesses the private key. If the client has the private key, it's granted access to the VM.

Depending on your organization's security policies, you can reuse a single public-private key pair to access multiple Azure VMs and services. You do not need a separate pair of keys for each VM or service you wish to access.

Your public key can be shared with anyone, but only you (or your local security infrastructure) should possess your private key.

Supported SSH key formats

Azure currently supports SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. Other key formats such as ED25519 and ECDSA are not supported.


Windows packages and SSH clients

You connect to and manage Linux VMs in Azure using an SSH client. Computers running Linux or macOS usually have a suite of SSH commands to generate and manage SSH keys and to make SSH connections.

Windows computers do not always have comparable SSH commands installed. Recent versions of Windows 10 provide OpenSSH client commands to create and manage SSH keys and make SSH connections from a command prompt. Recent Windows 10 versions also include the Windows Subsystem for Linux to run and access utilities such as an SSH client natively within a Bash shell.

Other common Windows SSH clients you can install locally are included in the following packages:

You can also use the SSH utilities available in Bash in the Azure Cloud Shell.

  • Access Cloud Shell in your web browser at https://shell.azure.com or in the Azure portal.
  • Access Cloud Shell as a terminal from within Visual Studio Code by installing the Azure Account extension.

Create an SSH key pair

The following sections describe two options to create an SSH key pair on Windows. You can use a shell command (ssh-keygen) or a GUI tool (PuTTYgen). Also note that when using PowerShell to create a key, you upload the public key in ssh.com (SECSH) format. When using the CLI, convert the key into OpenSSH format prior to uploading.

Create SSH keys with ssh-keygen

If you run a command shell on Windows that supports SSH client tools (or you use Azure Cloud Shell), create an SSH key pair using the ssh-keygen command. Type the following command, and answer the prompts. If an SSH key pair exists in the chosen location, those files are overwritten.

For more background and information, see the quick or detailed steps to create SSH keys using ssh-keygen.


Create SSH keys with PuTTYgen

If you prefer to use a GUI-based tool to create SSH keys, you can use the PuTTYgen key generator, included with the PuTTY download package.

To create an SSH RSA key pair with PuTTYgen:

  1. Start PuTTYgen.

  2. Click Generate. By default PuTTYgen generates a 2048-bit SSH-2 RSA key.

  3. Move the mouse around in the blank area to provide randomness for the key.

  4. After the public key is generated, optionally enter and confirm a passphrase. You will be prompted for the passphrase when you authenticate to the VM with your private SSH key. Without a passphrase, if someone obtains your private key, they can sign in to any VM or service that uses that key. We recommend you create a passphrase. However, if you forget the passphrase, there is no way to recover it.

  5. The public key is displayed at the top of the window. You can copy this entire public key and then paste it into the Azure portal or an Azure Resource Manager template when you create a Linux VM. You can also select Save public key to save a copy to your computer:

  6. Optionally, to save the private key in PuTTY private key format (.ppk file), select Save private key. You will need the .ppk file later to use PuTTY to make an SSH connection to the VM.

    If you want to save the private key in the OpenSSH format, the private key format used by many SSH clients, select Conversions > Export OpenSSH key.
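PuTTYgen's Save public key button writes the multi-line ssh.com (SECSH, RFC 4716) format, whereas a Linux authorized_keys file expects the one-line OpenSSH format shown in the box at the top of the window. The following is an added example, not part of the original documentation, that converts the saved file to the one-line form; the function name and the tiny sample key are constructed for illustration.

```python
import base64
import struct

def secsh_to_openssh(text: str) -> str:
    """Convert an RFC 4716 (ssh.com/SECSH) public key to one-line OpenSSH form."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----" \
            or lines[-1] != "---- END SSH2 PUBLIC KEY ----":
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, b64, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not b64:
            # Header line; a trailing backslash continues it on the next line.
            while line.endswith("\\"):
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        elif line:
            b64.append(line)  # base64 body, wrapped over several lines
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    # The key blob starts with a length-prefixed key type, e.g. b"ssh-rsa".
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    out = f"{key_type} {base64.b64encode(blob).decode()}"
    comment = headers.get("comment")
    return f"{out} {comment}" if comment else out

# Constructed sample: a toy-sized blob, not a usable key.
SAMPLE_SECSH = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20240101"
AAAAB3NzaC1yc2EAAAADAQAB
AAAABADJGPo=
---- END SSH2 PUBLIC KEY ----"""

if __name__ == "__main__":
    print(secsh_to_openssh(SAMPLE_SECSH))
```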

Provide an SSH public key when deploying a VM

To create a Linux VM that uses SSH keys for authentication, provide your SSH public key when creating the VM using the Azure portal or other methods.

The following example shows how you would copy and paste this public key into the Azure portal when you create a Linux VM. The public key is typically then stored in the ~/.ssh/authorized_keys file on your new VM.

Connect to your VM

One way to make an SSH connection to your Linux VM from Windows is to use an SSH client. This is the preferred method if you have an SSH client installed on your Windows system, or if you use the SSH tools in Bash in Azure Cloud Shell. If you prefer a GUI-based tool, you can connect with PuTTY.

Use an SSH client

With the public key deployed on your Azure VM, and the private key on your local system, SSH to your VM using the IP address or DNS name of your VM. Replace azureuser and myvm.westus.cloudapp.azure.com in the following command with the administrator user name and the fully qualified domain name (or IP address):

If you configured a passphrase when you created your key pair, enter the passphrase when prompted during the sign-in process.

If the VM is using the just-in-time access policy, you need to request access before you can connect to the VM. For more information about the just-in-time policy, see Manage virtual machine access using the just in time policy.

Connect with PuTTY

If you installed the PuTTY download package and previously generated a PuTTY private key (.ppk) file, you can connect to a Linux VM with PuTTY.


  1. Start PuTTY.

  2. Fill in the host name or IP address of your VM from the Azure portal:

  3. Select the Connection > SSH > Auth category. Browse to and select your PuTTY private key (.ppk file):

  4. Click Open to connect to your VM.


Next steps


  • For detailed steps, options, and advanced examples of working with SSH keys, see Detailed steps to create SSH key pairs.

  • You can also use PowerShell in Azure Cloud Shell to generate SSH keys and make SSH connections to Linux VMs. See the PowerShell quickstart.

  • If you have difficulty using SSH to connect to your Linux VMs, see Troubleshoot SSH connections to an Azure Linux VM.