Secure Shell (SSH)

Commonly known as SSH, Secure Shell is a common network or internet protocol with security a core part of the protocol. It does not use certificates like Transport Layer Security but rather keys.

One thing I have only recently learnt is that not all keys are equal. Well of course, they should be unique I hear you say and yes that is correct. However what I mean is not all SSH solutions create and store keys in compatible files.

Private Keys

Some hosting companies do allow you to generate and download a private key, however generally they will not store this but the public key will be available and added to the host ~/.ssh/authorized_keys file. The private key file can then be put on the client in ~/.ssh/id_rsa and will then be used automatically by the ssh command. You could store the key in a different file then the use the "-i" switch on the ssh command to specify where it is, for example:
ssh -i ~/.ssh/myhost.key

If you have the private key then you can generate the public key as follows:
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/
Where typical file names are used, however make sure you don't accidentally overwrite an file you need!

Server Configuration

If you own or manage a server you might want to add extra restrictions to SSH to harden your server to unauthorised users. Like a lot of other things, this is a complex field, the article at Limit access to openssh features with the Match option - gives you a good introduction.


When working on Windows the "standard" SSH client is PuTTY, as every it is recommended to download the latest version, so head over to PuTTY: a free SSH and Telnet client and do just that.

Working with a Linux solution I was given a private key by the admin and from a MacBook I could indeed just use the native SSH client and connect with the private key that I had but PuTTY would not play ball with the same file! After some digging I found the solution is this:

  • Start PuTTYgen
  • Click "Load" and open the private key file
  • Then click "Save private key" and save the file with a .ppk extension
  • Load PuTTY itself and then....
  • Connection->SSH->Auth: set the "Private key file for authentication" to the .ppk file created above
  • Connection->Data: set the "Auto-login username" to be the username for the private key
  • Session: set "Host Name" to be the hostname or IP address
  • Session: put a name in the "Saved Sessions" box and click Save
  • Click Open and you should not be signed in, all automagically!
The key step is converting the private key file format from the format generated by Linux into a file format that PuTTY can understand. The rest is just configuring PuTTY to make everything easy!