How To Use SSH Keys with PuTTY on DigitalOcean Droplets (Windows users)
Note: This guide is for Windows users. If you are using Mac OS X or Linux on your home computer, please follow this guide instead.
While it is possible to manage your servers using password-based logins, it is often a better idea to set up and utilize SSH key pairs. SSH keys are more secure than passwords, and can help you log in without having to remember long passwords.
At DigitalOcean, you are able to upload your key so that it will be embedded in your servers upon creation. This lets you log into your servers without a password while still remaining very secure.
For Windows users, a piece of software called PuTTY is typically used to create SSH sessions which allow you to connect to your server. This same suite of programs can be used to generate SSH keys and remember which keys should be used to connect with your servers.
In this guide, we will walk you through how to use PuTTY to generate SSH key pairs, how to upload your public key to the DigitalOcean web interface, and how to create new droplets (VPS instances) with your public key embedded. We will then show you how to connect to your servers without a password using your private key.
How SSH Key Pairs Work
SSH key pairs are used as an authentication method by creating two related keys.
The first key is called a private key. The private key is a secret key that is owned and kept safe by the user who creates it. It is used to identify you and is kind of like the wax seals that used to be used to seal letters. It can be used to prove that a connection is legitimately coming from you.
You should not let anyone have your private key, because the other person could then masquerade as you and log into any accounts you have configured with your key. If you need to share access, there are better ways.
The other key is called the public key. This key is veritably associated with your private key. The difference is that you can freely share this key with anyone around the internet.
The only thing that someone else can do with this key is allow you to log into their machine. This is what we will be configuring in this guide, by creating our new servers with our public key already included.
Download and Install PuTTY and PuTTYgen
To get started, we'll need to download and install both PuTTY, the utility used to connect to remote servers through SSH (secure shell), and PuTTYgen, a utility used to create SSH keys.
You can find links to both of these at the project's website.
The easiest way of getting all of the necessary utilities is to scroll click on the link associated with the heading "A Windows installer for everything except PuTTYtel", as you can see pictured here:
Click on the link for the installer to download it. Then install it on your home computer using the wizard that begins when you double click the installer. It is usually okay to accept the defaults, but feel free to change any values you'd like.
Create an SSH Key Pair
We will begin by creating our SSH key pairs.
Start up the PuTTYgen program through your Start Menu or by tapping the Windows key and typing "PuTTYgen". It will launch the key generation program, which should look something like this:
To create a new key, select the parameters at the bottom that match your requirements:
In almost all situations, the default values will work great, so feel free to leave them as-is.
When you are ready, click on the "Generate" button on the right-hand side:
Because SSH keys are created using random chunks of information for security, you will need to generate some random data by waving your mouse around in the window area. This randomness, known as entropy, is used to create keys in a secure fashion that won't be reproducible by other people.
When the operating system has received enough random chunks of information, it will generate a key pair. It will output the public key to a text box on the screen.
You can use this information by copying and pasting it from the box, but we'll save it for later using the interface provided. Click on both the Save public key button and the Save private key button and select a secure location to keep them:
You can call your keys whatever you'd like. Your private key will be given the extension ".ppk". The public key, you should probably select an extension like ".txt" so that you will be able to open it with a regular text editor. You will need to be able to read the information from this file later on.
You now have your generated key pair saved on your computer and ready to use.
Upload Your Public Key to your DigitalOcean Account
As we stated earlier, you can freely share your public key because, while it can be used to validate the user who holds the associated private key, it cannot be used to re-create the private key. It is therefore completely safe to upload.
Within your DigitalOcean account, click the account icon in the upper-right hand corner. From the drop down menu that appears, select the Settings item:
You will be taken to the DigitalOcean accounts page. In the left-hand navigation menu, select the Security menu item:
This will take you to the security section of your account. In the main area, there is a section for managing your SSH keys. Inside this section, click on the Add SSH Key button:
A new screen will display, giving you the option to add a public SSH key to your DigitalOcean account. Paste the contents of your public key into the space provided. If you no longer have your PuTTYgen session running, you should open your public key with a text editor (like Notepad). Select every piece of text within the file and paste it into the provided field.
Afterwards, select a name for the key that will help you easily identify the key in the DigitalOcean interface. When you are finished, it should look something like this:
Click the Add SSH Key button when you are finished. You now have a public key available within the DigitalOcean control panel:
Now, we just need to create a new Droplet utilizing this key.
Create a New VPS Server with your Public SSH Key Embedded
Now that we have our public key in our interface, we can embed it into our new servers. This will allow you to authenticate to your new server using your private key, without having to supply a password.
To create a new server, click on the Create Droplet button in the upper-right corner of the control panel:
Select the image to use, the Droplet size, datacenter region, and other available options as usual.
Towards the bottom of the page, there is a section called Add your SSH Keys. Inside, you will have check boxes for each of the SSH keys that you have uploaded to the control panel. You can select one or more keys to embed them into your server:
If you are familiar with creating servers through DigitalOcean, you may be used to receiving an email upon creation with the authentication details and password. When you choose to embed an SSH key into your new server, you will not be sent an email.
Instead, you should use your private key to sign in, which does not need a password.
Setting Up an SSH Session with SSH Keys in PuTTY
Now that we have a droplet with our public key inside, we can use PuTTY to connect to it. We will do this by setting up and saving a session. This way we will be able to quickly reconnect at a later time with all of our settings saved.
Start by opening up the main PuTTY program. You can do this by double clicking on the PuTTY program, or by tapping the Windows key and typing "PuTTY".
Inside, you'll be taken to the main session screen. The first step is to enter the IP address of your droplet into the session page. You can get this address from your DigitalOcean control panel:
By default, SSH happens on port 22, and the "SSH" connection type should be selected. These are the values we want.
Next, we'll need to select the "Data" configuration inside the "Connection" heading in the left-hand navigation menu:
Here, we will enter our server's username. For the initial setup, this should be the "root" user, which is the administrative user of your server. This is the account that has been configured with your SSH public key. Enter "root" into the "Auto-login username" prompt:
Next, we'll need to click on the "SSH" category in the navigation menu:
Within this category, click on the "Auth" sub-category.
There is a field on this screen asking for the "Private key file for authentication". Click on the "Browse" button:
Search for the private key file that you saved. This is the key that ends in ".ppk". Find it and select "Open" in the file window:
Now, in the navigation menu, we need to return to the "Session" screen that we started at.
This time, we need to create a name for the session that we will be saving. This can be anything, so select something that will help you remember what this is for. When you are finished, click on the "Save" button.
You now have saved all of the configuration data needed to connect to your new server.
Connect to Your Server Using the Saved PuTTY Session
Now that you have your session saved, you can recall these values at any time by returning to the "Session" screen, selecting the session you would like to use in the "Saved Sessions" section, and click "Load" to recall the settings.
This will auto-fill all of the fields with the values you initially selected.
When you are ready to actually connect to your server, on the "Sessions" screen, click the button at the bottom that says "Open" after you have loaded your session:
The first time that you connect with the remote host, you will be asked to verify the identity of the remote server. This is expected the first time you connect to a new server, so you can select "Yes" to continue.
Afterwards, you should immediately be logged into your new server without ever having to type in a password:
If you've gotten this far, you've successfully configured SSH keys with DigitalOcean!
You should now be able to easily deploy new DigitalOcean VPS instances with your SSH public key. You can use the SSH keys you created on as many servers as you would like. They are not one-time use configurations.
To learn about how to embed your PuTTY SSH keys into server instances that you already have up and running, follow this guide.