Wednesday, February 10, 2016

Key-based, password-free SSH connection to your Raspberry

If the Raspberry is only accessed remotely, without a GUI, SSH is normally the tool of choice. By default, the user connects to the Pi with a login name and a password. On Unix, Linux and OS X the user can connect with the default tools; on Windows, Putty will do the job.
Putty can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Generally, there are some advantages to using key-based SSH connections:
  • the password will not be transferred over the network (not even encrypted)
  • if your Raspberry is running online, you can reduce the probability of successful brute-force attacks
  • connections to the Raspberry can be automated

Generating the Key

To generate an SSH key on Windows, first download the PuttyGen tool from the Putty project site. Check that the key type is SSH-2 RSA and that the number of bits for the key is at least 2048. Click Generate to start generating the key.
After the key has been generated, the window looks like this, showing the public part of the key and the fingerprint.

If you add a comment to the key, it will be easier to know later what the key was generated for. Additionally, the key can be protected with a password. For automated connections to the Raspberry, keep in mind that if you set a password, it will be asked for on every connection. In my opinion it is not necessary for my use case. Now everything is done and the private key can be saved. If the key will only be used from Windows with Putty, just click Save private key. The filename extension should be ppk. If you want to use the key on Linux systems (to connect to the Raspberry), you need to export the key as an OpenSSH key.
In this example the public key is not saved to a file, because it will be pasted into the Raspberry configuration afterwards. Therefore, do not close the PuttyGen window yet.

Configure the Raspberry for SSH keys

Assuming the Raspberry is running and connected to the network, use Putty under Windows to create a connection with your user name and password. In most cases this should be the default user pi and the password raspberry.


After the successful login (with Putty!), create a folder for the public SSH key. The command is:

mkdir -p ~/.ssh

Next, create the file authorized_keys, in which the public key is stored. The full path to the file will be /home/pi/.ssh/authorized_keys. This location associates the public key with the user pi.

sudo nano ~/.ssh/authorized_keys

In PuttyGen, select and copy the key from the box below the line "Public key for pasting into OpenSSH authorized_keys file" and paste it with a right click into the Putty window with the open editor. The inserted key must be exactly one line. If it is not, something is wrong. Jump to the end of the line with the End key and check that the last characters in the authorized_keys file are the same as in the PuttyGen window.

In the nano text editor, the file is saved with the key combination CTRL+X, then Y, then Enter. After the file is saved, secure it with the following commands. Copy, paste and execute them line by line:

sudo chmod 644 ~/.ssh/authorized_keys
sudo chown pi:pi ~/.ssh/authorized_keys
sudo chmod 700 ~/.ssh
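
The one-line check described above, as an added shell example that is not part of the original post: it verifies that every entry in an authorized_keys file is one complete line and that the file is not writable by group or others. The function name check_keys and the sample key data are constructed for this example, and it assumes entries without an options prefix.

```sh
#!/bin/sh
# Added example, not from the original post: checks an authorized_keys file
# for the paste problem described above (one key broken over several lines).
# Assumption: entries have no options prefix, as with PuttyGen's paste text.

check_keys() {  # check_keys <file>; returns 0 only if every entry passes
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "BAD $1 is writable by group or others"; return 1
    fi
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        $1 !~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" {
            printf "line %d: BAD no key type at start (wrapped paste?)\n", NR
            bad = 1; next
        }
        $2 !~ "^[A-Za-z0-9+/]+=?=?$" || length($2) % 4 != 0 {
            printf "line %d: BAD key data is cut off or not base64\n", NR
            bad = 1; next
        }
        # An RSA public key blob always encodes its own type name first.
        $1 == "ssh-rsa" && index($2, "AAAAB3NzaC1yc2E") != 1 {
            printf "line %d: BAD data is not an ssh-rsa key\n", NR
            bad = 1; next
        }
        { printf "line %d: OK %s %s\n", NR, $1, $3 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample data: the blob is a shortened placeholder, not a real key.
blob=AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSAMPLE
tmp=$(mktemp -d)
printf 'ssh-rsa %s rsa-key-20160210\n' "$blob" > "$tmp/good"
# The same key pasted with a line break in the middle of the key data.
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ\nDconstructedSAMPLE rsa-key-20160210\n' > "$tmp/wrapped"
chmod 644 "$tmp/good" "$tmp/wrapped"
for f in good wrapped; do
    echo "== $f"; check_keys "$tmp/$f" || echo "-> fix this file before relying on key login"
done
rm -rf "$tmp"
```

On the Raspberry, call check_keys ~/.ssh/authorized_keys after pasting the key.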

Now the public key is stored on the Raspberry and is associated with a specific user. In the next step, a few settings for the key-based SSH connection need to be checked or changed. Open the config file for editing with this command:

sudo nano /etc/ssh/sshd_config

The following settings should be in the file (possibly in different places or in a different order). If necessary, remove the number sign (#) at the beginning of the line.

PermitRootLogin no
AllowUsers pi
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
UsePAM no

If anything has been changed in the file, save it with CTRL+X, then Y, then Enter. In the last step, restart the SSH daemon with this command:

sudo systemctl restart sshd
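
With PasswordAuthentication yes, as in the settings listed above, the server still accepts password logins alongside keys, so the brute-force advantage only applies once that setting is no. The following is an added shell example, not part of the original post, that reports which value sshd would use; the function names effective and audit and the sample files are constructed for it.

```sh
#!/bin/sh
# Added example, not from the original post: report what an sshd_config-style
# file means for password logins. sshd uses the FIRST value it finds for a
# keyword, and keywords are case-insensitive.
# Assumption: only the global section is read (stops at the first Match line).

effective() {  # effective <keyword> <file> -> value sshd would use, or empty
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*|[ \t]+/, " ") }  # also Keyword=value
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^ /, ""); print; exit }
    ' "$2"
}

audit() {  # audit <file> -> one finding per line
    pw=$(effective PasswordAuthentication "$1")
    [ "$(effective PubkeyAuthentication "$1")" = "no" ] &&
        echo "FAIL PubkeyAuthentication no: key login is disabled"
    [ "$pw" != "no" ] &&
        echo "WARN PasswordAuthentication ${pw:-unset (default yes)}: password login still accepted"
    [ "$(effective PermitRootLogin "$1")" = "yes" ] &&
        echo "WARN PermitRootLogin yes: root can log in directly"
    echo "INFO AllowUsers: $(effective AllowUsers "$1")"
}

# Constructed sample files: the settings from this post, and a key-only variant
# in which a commented line and a later duplicate must both be ignored.
tmp=$(mktemp -d)
cat > "$tmp/post.conf" <<'EOF'
PermitRootLogin no
AllowUsers pi
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
UsePAM no
EOF
cat > "$tmp/keyonly.conf" <<'EOF'
PermitRootLogin no
AllowUsers pi
#PasswordAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
for f in post keyonly; do echo "== $f.conf"; audit "$tmp/$f.conf"; done
rm -rf "$tmp"
```

On the Raspberry, run audit /etc/ssh/sshd_config. Change PasswordAuthentication to no only after a key-based login has succeeded, so that a broken key setup cannot lock you out.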

Configure Putty for key-based SSH connections

Now the SSH client Putty needs some configuration. Open a new Putty window:
  • In the Category tree, navigate to Connection -> Data and enter your chosen user (here "pi") under Auto-login username
  • Now navigate to Connection -> SSH -> Auth and enter the path and file name of the private key
  • As a last step, navigate to Session and enter the host name or IP address, choose a name for the session under Saved Sessions and click Save
For later connections, open a Putty window and double-click the saved session name, and a connection to the Raspberry will be established. If the key-based authentication was successful, the Putty window will look like this:


That's it, congratulations! You successfully created a private key, configured your Raspberry to use the public key for authentication, and configured Putty to establish key-based SSH connections. If this was helpful or you have an idea what I can improve, I would be happy if you leave a comment.