Setting up public key authentication

If your SSH client supports it, you can use public key authentication to log into Bitvise SSH Server. On Windows, we recommend Bitvise SSH Client, which has strong support for public key authentication, as well as other authentication methods.

To set up public key authentication, you first need to generate a keypair on the client, or select one or more existing keypairs for use with client authentication. The procedure for generating the keypair depends on the client software being used:

  • If you are using Bitvise SSH Client, click the link titled 'User keypair manager' in the Login tab. You can generate, edit, import and export keypairs in the dialog box that pops up.
  • If you are using a different client, you need to follow its process for generating keypairs. For example, in OpenSSH, keypairs are generated using the ssh-keygen utility. Make sure to generate an SSH2 keypair (not SSH1). Use either the RSA or the DSA/DSS algorithm.

Once the keypair has been generated, you need to export the public key into a file that will be uploaded onto the server. The public key file can be either in the standard SSH2 public key format, or in the OpenSSH format. The exporting and importing process depends on the client being used:

  • With Bitvise SSH Client, use the User Keypair Manager to export the public key in either format.
  • If you are using a different client, you need to follow its process for exporting the public key into either the standard SSH2 format or the OpenSSH public key format. If you are using OpenSSH, the public key file can be exported from an existing keypair using the ssh-keygen utility (consult 'man ssh-keygen').

Once your public key file has been exported, transfer it to the machine where Bitvise SSH Server is installed, or the machine from which you manage the SSH server remotely using Bitvise SSH Client. If you are exporting the public key from Bitvise SSH Client, and you are also using the same client to administer the SSH server remotely, no transfer is necessary. In this case, use the "Bitvise SSH Server Control Panel" feature from the SSH Client.

Open Bitvise SSH Server settings - either Easy or Advanced - and open the "Public keys" link from the Windows or virtual account settings entry for which you're importing the key. If an entry for the user you are configuring is not already present, add it. Once you click the "Public keys" link, a key management window will open. Use this window to import the public key.

Common mistakes: Make sure that you don't try to import the client's key into the server's host key management interface. The host key management interface is accessed directly from the "Server" tab of the Bitvise SSH Server Control Panel, and is intended to manage keypairs that authenticate the server. These keypairs are separate and unrelated to client authentication.