If you use a SSH client program and want to authenticate using a public/private encryption key, you must use the client software to generate the key. Below are instructions for two popular programs:


  1. On the PuTTY web site, download and run the PuTTYgen utility.
  2. Under Parameters, click on the SSH2 RSA or SSH2 DSA radio button. Do not use SSH1.
  3. Under Actions, click the Generate button.
  4. Connect to your VPS server via SSH and su to root. Change your working directory to the .ssh directory of the user the key is for. For example for the root user you would use a command similar to the following:
    cd /root/.ssh
  5. Copy the entire public key under "Public key for pasting into OpenSSH authorized_keys file" and paste the key into the authorized_keys file in that folder. The authorized_keys file may not exist and need to be created. The key must be all on one line.

    On Linux, this file is named authorized_keys2.
  6. Enter and confirm a Key passphrase and click Save private key.
  7. Connect to your VPS server, su to root, and uncomment (remove the #) from the following lines in the /etc/ssh/sshd_config file. You can either use a text editor to edit the file or you can FTP the file locally to your PC and make the edits. To edit the file using pico you would run the following command from the shell command line:
    pico -w /etc/ssh/sshd_config
    To edit the file using ee, run the following command:
    ee /etc/ssh/sshd_config
    Once you open the file, uncomment these lines:
    Pubkey Authentication yes
    AuthorizedKeysFile .ssh/authorized_keys
  8. Click Save Private Key and save the file to your hard drive.
  9. In PuTTy, under Category: Connection/SSH/Auth/Private key file for authentication, click Browse to find your private key file.


  1. Download and install WinSCP. Choose the installation package to include public key tools PuTTYgen and Pageant.
  2. Run PuTTYgen located in the directory where WinSCP was installed. By default PuTTygen is located under Start/Programs/WinSCP3/Key tools.
  3. Follow steps 2-7 for PuTTY, above.s
  4. Start WinSCP3.
  5. Under Session enter the Host name, User name, Private key file.
  6. Click Login. You will be prompted for your private key passphrase unless you have already added your private key to the Pageant SSH agent.

Use the Pageant SSH agent that is included with WinSCP to store your key.

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!

1555 N Naperville/Wheaton Road, Suite 107
Naperville, IL 60563
phone 630.420.2550
fax 630.420.2771