Skip to content
Logo AllayHosting Docs

SSH Key Login

SSH keys are safer than password login. Instead of typing your server password, your computer proves your identity with a private key.

Generate a key on Windows

Section titled “Generate a key on Windows”

Option 1: PuTTYgen

Section titled “Option 1: PuTTYgen”
  1. Open PuTTYgen.
  2. Select ED25519 if available. Otherwise use RSA with at least 4096 bits.
  3. Click Generate and move your mouse until the key is created.
  4. Add a strong passphrase.
  5. Click Save private key and store it somewhere safe.
  6. Copy the public key text from the top box.

Option 2: Windows Terminal

Section titled “Option 2: Windows Terminal”

Open PowerShell or Windows Terminal and run:

Terminal window
ssh-keygen -t ed25519 -C "your-email@example.com"

Press Enter to accept the default path and set a strong passphrase.

Your public key is usually stored here:

C:\Users\<YourUser>\.ssh\id_ed25519.pub

Add the public key to the server

Section titled “Add the public key to the server”

Connect to your server with PuTTY or another SSH client, then create the SSH folder:

Terminal window
mkdir -p ~/.ssh
chmod 700 ~/.ssh

Open the authorized keys file:

Terminal window
nano ~/.ssh/authorized_keys

Paste your public key into the file. It should be one line starting with something like ssh-ed25519 or ssh-rsa.

Save the file, then fix permissions:

Terminal window
chmod 600 ~/.ssh/authorized_keys

Test key login

Section titled “Test key login”

Open a new PuTTY session and configure the private key:

  1. Go to Connection → SSH → Auth → Credentials.
  2. Select your private key file.
  3. Go back to Session.
  4. Enter the server IP and save the session.
  5. Click Open.

Keep your old SSH session open while testing. If the key login does not work, you can still fix the configuration from the old session.

Disable password login

Section titled “Disable password login”

Only do this after key login works.

Open the SSH server config:

Terminal window
nano /etc/ssh/sshd_config

Set or add these lines:

PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password

Restart SSH:

Terminal window
systemctl restart ssh

Then open a new SSH connection and confirm key login still works.

Backup your private key

Section titled “Backup your private key”

Store your private key somewhere safe, such as a password manager. Anyone with your private key and passphrase can access your server.

Never upload your private key to public websites, Discord, GitHub, or support tickets.