PuTTY SSH authentication
This post is intended to document procedures which can be used to simplify and increase security of remote login procedures to UNIX systems through use of SSH private and public keys.
PuTTY for Windows
PuTTY includes a full suite of programs in addition to the PuTTY executable itself. The top of the download page describes the purpose of each tool. We'll use 3 of those tools in this process.
Creating an SSH private key
You can choose RSA or DSA key types, and you can change the key size.
Enter a passphrase and "Save private key" somewhere on your local system. Note: Use a passphrase that you can remember but that is stronger than a normal password. Security people usually suggest using whole sentences or combinations of words/phrases. Later we'll configure another program so that you don't have to type this passphrase very often.
Installing the public key on the remote system
There are various ways to do this, but the PuTTYgen window explains what I've found to be the easiest. That is, copy the text from the Key text area at the top of the window and manually add it to the $HOME/.ssh/authorized_keys file on the remote system. authorized_keys can contain multiple lines, one for each public key you wish to allow to connect to the remote system as your user.
The authorized_keys file probably doesn't yet exist, and the .ssh directory may or may not. (The same directory is where ssh places the known_hosts file that contains the public keys for hosts which you have trusted for ssh connections in the past.)
If either doesn't exist and has to be created, ensure that the permissions are as follows
[user@server:/home/user] ls -al .ssh
total 56
drwx- 2 user staff 256 Aug 22 16:02 .
drwxr-x- 3 user staff 4096 Sep 03 06:06 ..
-rw- 1 user staff 606 Aug 22 16:03 authorized_keysEach line in authorized_keys can also be configured with further options, including restricting a key's use to specific hosts, for instance. The best documentation I found on those options is at this Free BSD man page.
You can, and probably will want to, install the exact same public key on each system on which you want to use key-based authentication.