When connecting to a Linux server using SSH, I prefer to use SSH public key authentication, because it's safe and doesn't require me to enter a password every time. Using KeePass Password Safe, this can be setup quite easily.

This method can be extended to work with GitHub and TortoiseGit, which I'll explain in another post.

Creating an SSH keypair

First off, we'll need an SSH keypair, which we'll do using PuTTYgen.

Download PuTTYgen from here if you haven't already done so and open it.

Click 'Generate' and throw some spasms towards your mouse in order to give the program random input.

PuTTYgen generating SSH key

Once completed, enter a password twice. You should pick a strong one, this will be part of the key to your Linux server. I suggest generating one with a tool like KeePass, since you don't actually have to enter it manually.

PuTTYgen generated SSH key

Save the private key using the 'Save private key' button. Save the public key using the 'Save public key' button. Select and copy the text under 'Public key for pasting into OpenSSH authorized_keys file'.

You can (and should) delete the private key later on, since we are going to save it in KeePass. The private key, together with the password you choose, will provide you (or anyone who has them) with access to the server on which it is registered.

The public key is just that, public. It will be used by the server to verify that you are in possession of the private key, but it cannot be used to gain access to it.

Uploading the public key to the server

Now it's time to let the server know who you are, so it will accept your SSH key.

Logon to the Linux server using for example a username and a password and look for the following file:


If it does not exist, create it now.

mkdir ~/.ssh  
nano ~/.ssh/authorized_keys  

Paste the text as copied earlier from PuTTYgen on a new line, or just the first line if the file is still empty (this can be done using the right mouse button when connected through PuTTY).

Save the file (Ctrl-X, then Y).

PuTTY authorized keys

Setting up KeePass

KeePass Password Safe can be downloaded here, either as an installing msi or as a portable zip.

We'll need the KeeAgent plugin, which adds Pageant-like functionality to KeePass. Download the zip and extract the KeeAgent.plgx file into the installation directory of KeePass (where KeePass.exe is stored).

Add KeeAgent plugin to KeePass

KeeAgent (and Pageant) run in the background and can load SSH keys, which can then be served up to other applications, like PuTTY. This way, you'll only have to enter the password for the SSH key once, after which it can be used for as long as the agent runs. Since KeePass will store the password to your private key, it can unlock and load the key automatically, so you'll only need to unlock the KeePass database itself.

Start KeePass (or restart if it was already running) and notice the 'KeeAgent' option under the 'Tools' menu. This means the plugin installed successfully.

Added KeeAgent plugin to KeePass

Create a new entry and fill in a title for the entry. Fill in the username for the remote Linux server. Fill in the password of the private key you've chosen in PuTTYgen a few steps ago.

Add new entry to KeePass

Go to the 'Advanced' tab and attach the private key file from PuTTYgen (.ppk).

Add private key file to new entry

Go the the 'KeeAgent' tab and tick 'Allow KeeAgent to use this entry', select the .ppk file from the 'Private Key File Location' dropdown box.

Enable KeeAgent for new entry

Save the new entry. Now either right-click it and hit 'Load SSH Key', or simply reload the KeePass database. If all went well, you should see the loaded key in the 'Tools' - 'KeeAgent' window.

KeeAgent loaded private key

Connecting to the server using the SSH key

You might need to enable the 'Attempt authentication using Pageant' option in PuTTY under 'Connection' - 'SSH' - 'Auth'. While we're not actually using Pageant, KeeAgent emulates its behavior and therefore acts as Pageant.

Enable PuTTY to use Pageant

You should now be able to connect to the Linux server using PuTTY, after which you will be granted access while only providing a username, without entering a password.

PuTTY connected to server using KeePass