DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel
Explore NY Stream

How to Configure Putty to Auto Logon

— ny_wk

How to Configure Putty to Auto Logon

To configure PuTTY auto logon, you generate an SSH key pair with PuTTYgen, place the public key in ~/.ssh/authorized_keys on the Linux server, and load the private key into Pageant so PuTTY signs in without ever prompting for a password. This guide walks through the full passwordless workflow, the file permissions that trip people up, and how to make Pageant start automatically with Windows.

Why configure PuTTY auto logon with SSH keys

Typing a username and password every time you open a session is slow, error-prone, and a security liability — passwords get reused, shoulder-surfed, and brute-forced. PuTTY auto logon using public-key authentication solves all three problems at once. Instead of a shared secret travelling to the server, your private key stays on your Windows machine and proves your identity cryptographically.

The pieces involved are part of the standard PuTTY suite:

  • PuTTY — the SSH terminal client itself.
  • PuTTYgen — generates and converts SSH key pairs.
  • Pageant — the PuTTY authentication agent that holds your decrypted private key in memory and hands signatures to PuTTY on demand.

This approach works against any modern SSH server — Linux distributions, BSD, macOS, and legacy enterprise UNIX such as IBM AIX. The OpenSSH conventions described here (the .ssh directory and authorized_keys file) are identical across all of them, so the steps below are portable.

What you need before you start

Make sure the following are in place so the configuration goes smoothly:

  • The full PuTTY package installed on your Windows machine — not just putty.exe, but also puttygen.exe and pageant.exe. The official MSI installer from the PuTTY project includes all three.
  • An account on the target Linux/UNIX server that you can already log in to with a password (you need this once, to install the public key).
  • Write access to your home directory on that server.
  • An SSH server running on the host (OpenSSH on Linux, or the AIX SSH daemon) listening on a reachable port — usually TCP 22.

Step 1: Generate an SSH key pair with PuTTYgen

The private/public key pair is the heart of passwordless login. Generate it on your own machine — the private key should never leave it.

  1. Launch PuTTYgen.
  2. Under Type of key to generate, choose a modern algorithm. Ed25519 is the best default today — short, fast, and very secure. If the server is older and rejects it, fall back to RSA and set the bits to at least 3072 (or 4096). Avoid the legacy DSA option entirely — it is deprecated and disabled in current OpenSSH.
  3. Click Generate and move the mouse around over the blank area to create randomness for the key.
  4. When generation finishes, you will see the public key text at the top of the window and details such as the fingerprint below it.
  5. Leave the Key passphrase fields empty only if you want fully unattended logon with no prompt at all. Be aware of the trade-off below before you do this.
  6. Click Save private key. PuTTY stores it as a .ppk (PuTTY Private Key) file. Save it somewhere safe, for example C:\Users\you\keys\id_putty.ppk.
  7. Optionally click Save public key too — but for the next step you will copy the public key directly from the PuTTYgen window.

Security note on the passphrase: an empty passphrase means anyone who copies your .ppk file can log in as you. The safer pattern is to set a passphrase and let Pageant hold the unlocked key in memory — you type the passphrase once when Windows starts (or when you first add the key), and every PuTTY session after that is passwordless. You get both convenience and protection. Only use an empty passphrase on a tightly controlled machine.

Step 2: Copy the public key (in the correct OpenSSH format)

This is the single most common place people go wrong. The text you need is the one-line OpenSSH-format public key shown in the box at the top of the PuTTYgen window, labelled “Public key for pasting into OpenSSH authorized_keys file”.

  1. Click inside that box.
  2. Select all of the content (Ctrl+A, then Ctrl+C) — it begins with ssh-ed25519 or ssh-rsa and is one continuous line.

Do not use the contents of a file saved with “Save public key” — that produces a multi-line RFC 4716 / SSH2 format that OpenSSH's authorized_keys does not understand. The key must end up as a single unbroken line on the server.

Step 3: Install the public key on the Linux/AIX server

Log in to the server once with your password, then place the public key in your account's authorized_keys file. The cleanest way is to let SSH create the directory and set permissions for you, but the manual method below mirrors the classic workflow.

  1. Connect with PuTTY using your password as usual and go to your home directory:
    cd ~
  2. Create the .ssh directory if it does not exist and lock it down:
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
  3. Append your public key to the authorized keys file. Use a simple editor or a heredoc — paste the single line you copied where shown:
    nano ~/.ssh/authorized_keys
    Paste the key as one line, save, and exit.
  4. Set the correct permissions on the file:
    chmod 600 ~/.ssh/authorized_keys
  5. Verify ownership and permissions. They should look like this:
    ls -ld ~/.ssh
    drwx------ 2 user user 4096 Sep 19 16:25 .ssh
    ls -la ~/.ssh
    -rw------- 1 user user 398 Sep 19 16:25 authorized_keys

Permissions are mandatory, not optional. OpenSSH silently refuses to use a key if the .ssh directory or the authorized_keys file is writable by group or others. The directory must be 700 (drwx------) and the file 600 (-rw-------), both owned by your user. The home directory itself must also not be group- or world-writable.

On AIX, the SSH daemon is usually OpenSSH packaged by IBM and follows the exact same rules. If your AIX home directory lives under a non-standard path, confirm the daemon's AuthorizedKeysFile setting in /etc/ssh/sshd_config points to .ssh/authorized_keys relative to the home.

Step 4: Load the private key into Pageant

Pageant is the agent that keeps your private key ready so PuTTY never has to ask for credentials.

  1. Run pageant.exe. It minimises to a small icon in the Windows system tray (a computer wearing a hat).
  2. Right-click the tray icon and choose Add Key (or double-click the icon to open the key list, then click Add Key).
  3. Browse to the .ppk private key you saved in Step 1 and open it.
  4. If you set a passphrase, Pageant prompts for it now. Enter it once.
  5. Click View Keys — your key fingerprint should appear in the list, confirming it is loaded.

With the key loaded, any PuTTY session you open will automatically use it, provided that session is told which username to use.

Step 5: Configure the PuTTY session for automatic login

Pageant supplies the key, but PuTTY still needs to know who to log in as. You can also point a saved session directly at the .ppk file as a backup to Pageant.

  1. Open PuTTY and type the server's hostname or IP in the Session category.
  2. Go to Connection → Data and set Auto-login username to your account name on the server. This is what removes the “login as:” prompt.
  3. (Optional) Go to Connection → SSH → Auth → Credentials and, under Private key file for authentication, browse to your .ppk. This lets the session authenticate even if Pageant is not running.
  4. Return to the Session category, type a name under Saved Sessions, and click Save.
  5. Double-click the saved session. If everything is correct, PuTTY connects, authenticates with the key, and drops you straight at a shell prompt — no username, no password.

If you connect through a session manager such as Remote Desktop Manager (RDM) rather than a locally saved PuTTY session, you may still need to enter your Linux username in the RDM session settings, because RDM does not always pass PuTTY's auto-login username.

Step 6: Start Pageant and load keys automatically at Windows logon

For truly hands-off PuTTY auto logon, have Pageant launch with your key already loaded every time Windows starts. There are two reliable ways to do this.

Option A: A shortcut in the Startup folder

Pageant accepts one or more .ppk paths on its command line and loads them immediately on launch.

  1. Create a shortcut to pageant.exe.
  2. Right-click the shortcut, choose Properties, and edit the Target field to include your key path(s):
    "C:\Program Files\PuTTY\pageant.exe" "C:\Users\you\keys\id_putty.ppk"
  3. To load several keys, list them all after the executable:
    "C:\Program Files\PuTTY\pageant.exe" "C:\keys\key1.ppk" "C:\keys\key2.ppk"
  4. Press Win+R, type shell:startup, and press Enter to open your Startup folder.
  5. Move the shortcut into that folder. Pageant will now run at logon and load the listed keys.

If your keys carry passphrases, Pageant prompts for each one at logon — type them once and you are set for the session.

Option B: A registry Run entry

Alternatively, register Pageant in the Windows Run key. Use this if you prefer not to manage a Startup shortcut.

  1. Open the Registry Editor (regedit).
  2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  3. Create a new String Value with a descriptive name such as Pageant.
  4. Set its data to the full command, including key paths, exactly as in the shortcut target:
    "C:\Program Files\PuTTY\pageant.exe" "C:\Users\you\keys\id_putty.ppk"

Both options achieve the same result — pick whichever fits how you manage your machine.

Common pitfalls and how to avoid them

When auto logon does not work, it is almost always one of these:

  • Wrong public-key format. You pasted the multi-line SSH2 file instead of the one-line OpenSSH text from the top of PuTTYgen. The key in authorized_keys must be a single line starting with ssh-ed25519 or ssh-rsa.
  • Loose permissions. .ssh not 700, authorized_keys not 600, or a group-writable home directory. OpenSSH ignores keys when permissions are too open — fix with the chmod commands above.
  • No auto-login username set. PuTTY still shows “login as:” because the username is blank under Connection → Data.
  • Pageant not running. The key is not in memory, so PuTTY falls back to a password prompt. Confirm the tray icon is present and the key is listed under View Keys.
  • Line breaks introduced on paste. Copying the key through certain editors can split it across lines. Open authorized_keys and confirm each key occupies exactly one line.
  • Server disallows key auth. Rare, but check /etc/ssh/sshd_config for PubkeyAuthentication yes and that your home/key paths are accepted.

How to verify passwordless login is working

Confirm the configuration end to end rather than assuming it works:

  1. Ensure Pageant is running with your key loaded (View Keys shows the fingerprint).
  2. Open your saved PuTTY session. You should reach a shell prompt with no username or password prompt.
  3. To see exactly why authentication succeeded or failed, look at the session output — PuTTY reports lines like “Authenticating with public key” when the key is accepted.
  4. For deeper diagnosis, check the server's auth log as an administrator:
    sudo tail -f /var/log/auth.log (Debian/Ubuntu)
    sudo tail -f /var/log/secure (RHEL/CentOS)
    On AIX, check the syslog destination configured for auth facility messages.
  5. A successful key login records an “Accepted publickey” entry; a permissions or format problem typically logs “Authentication refused” with the reason.

Key Takeaways

  • PuTTY auto logon relies on three tools: PuTTYgen to create the key pair, the server's authorized_keys file for the public key, and Pageant to serve the private key.
  • Copy the one-line OpenSSH public key from the top of the PuTTYgen window — never the saved multi-line file.
  • Set .ssh to 700 and authorized_keys to 600, or OpenSSH will silently ignore your key.
  • Set the Auto-login username under Connection → Data to remove the final login prompt.
  • Prefer a passphrase-protected key held in Pageant over a passphrase-less key — you get convenience and security together, especially when Pageant autostarts at Windows logon.

Frequently Asked Questions

Is passwordless SSH with PuTTY secure?

Yes — key-based authentication is more secure than passwords because the private key never travels to the server and cannot be brute-forced like a password. Protect the key with a passphrase and let Pageant cache it, so a stolen .ppk file is useless without the passphrase.

Why does PuTTY still ask for my password after I set up keys?

The usual causes are wrong file permissions on ~/.ssh or authorized_keys, a public key pasted in the wrong (multi-line) format, Pageant not running with the key loaded, or no auto-login username set in the PuTTY session. Work through the pitfalls section and check the server's auth log.

What is the difference between the .ppk file and the OpenSSH public key?

The .ppk is PuTTY's private-key file, which stays on your Windows machine and is loaded into Pageant. The OpenSSH public key is the one-line text you paste into the server's authorized_keys. They are two halves of the same pair — the public half goes on the server, the private half never leaves your computer.

Does this work for IBM AIX as well as Linux?

Yes. AIX typically runs IBM's port of OpenSSH, which uses the identical ~/.ssh/authorized_keys mechanism and the same permission requirements. The PuTTYgen and Pageant steps on Windows are unchanged; just confirm the AIX SSH daemon has public-key authentication enabled.

If this walkthrough saved you some typing, subscribe to @explorenystream on YouTube for more practical system administration guides.