PuTTY logo

PuTTY Advanced Masterclass: SSH Tunneling & ED25519 Keys

Stop using Passwords. Access Hidden Ports Securely. The Expert Guide for All Linux Servers.

Why Basic PuTTY Usage Is Not Enough

Most users only use 10% of PuTTY's power. But in 2026, relying on basic passwords is dangerous, regardless of your OS.

  • RSA is Deprecated: Ubuntu 24.04, Debian 12, and RHEL 9 are dropping old keys. You need ED25519.
  • Ports are Closed: You cannot access Proxmox/MySQL ports directly. You need Tunneling.
  • Timeouts: Sessions drop during long updates. You need KeepAlives.

This guide turns you from a basic user into a SysAdmin Expert. Compatible with Ubuntu, CentOS, Debian, & AlmaLinux.

Topic 1: The New Standard (ED25519 Keys)

If you see "Server refused our key", it's likely because you are using legacy RSA (ssh-rsa). Let's upgrade to Ed25519 (Faster, Secure, Modern).

1. Generate Key with PuTTYgen

  1. Open PuTTYgen.
  2. Under "Type of key to generate", select Ed25519 (Do not select RSA).
  3. Click Generate and move your mouse to create randomness.
  4. Save the Private Key (.ppk) to your secure folder.
  5. Copy the "Public key" string from the top box.

2. Install on Server (Any Linux)

Log in to your server and paste the public key. These commands work on Ubuntu, CentOS, and Debian:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
# Paste your Public Key here -> Save (Ctrl+O) -> Exit (Ctrl+X)
chmod 600 ~/.ssh/authorized_keys

3. Load the Key in PuTTY (Crucial Step)

Your server knows the key, but PuTTY doesn't. You must load the private key file.

  1. Open PuTTY.
  2. Go to Connection -> SSH -> Auth -> Credentials.
  3. Click "Browse" next to 'Private key file for authentication'.
  4. Select your saved .ppk file.
  5. Go back to Session, enter IP, and click Save.

Topic 2: The Magic (SSH Tunneling)

The Scenario: You have Proxmox (Port 8006) or MySQL (3306). The firewall blocks these ports (as it should). How do you access them without exposing the server?

The Solution: Local Port Forwarding.

Configuration Steps:

  1. Open PuTTY and load your session.
  2. Go to Connection -> SSH -> Tunnels.
  3. Source Port: Enter 8888 (Your PC port).
  4. Destination: Enter localhost:8006 (Server's internal port).
  5. Click Add. You should see L8888 localhost:8006.
  6. Click Open to login. Keep the window open.

Expect a Security Warning

When you open https://localhost:8888 in your browser, you will see a red "Your connection is not private" warning.

This is normal. The Proxmox SSL certificate is for the server's IP, not "localhost". Click Advanced -> Proceed (unsafe) to continue securely.

Topic 3: The Unbreakable Session (KeepAlive)

Hate getting "Network Error: Software caused connection abort"? Fix it permanently.

The "Stay Alive" Settings:

  1. Go to Connection panel.
  2. Seconds between keepalives: Change from 0 to 10.
  3. Check the box: Enable TCP keepalives (SO_KEEPALIVE option).
  4. Go back to Session ->Save.

Now PuTTY will silently send empty packets to the server, keeping your connection alive even if you go for a coffee break.

Conclusion: Security Matches Value

You don't put a cheap padlock on a bank vault. Similarly, you shouldn't use weak passwords on High-Performance Servers.

Weak Security (RSA)
Risk Level: High
  • Vulnerable to Attacks
  • Ports Exposed to Public
  • Unstable Connections
Enterprise Security
ED25519 + Tunnels
  • Military-Grade Encryption
  • Invisible Hidden Ports
  • Rock-Solid Sessions

Where should you apply this Advanced Security?

These expert techniques are designed for Mission-Critical GPU Infrastructure. Secure your high-value assets effectively.

NVIDIA H100 (Needs ED25519)8x H100 NVLinkRTX 4090 ClusterNVIDIA L40SNVIDIA A100Proxmox / VMware Hosts

Secure your infrastructure today.

Deploy Secure GPU Servers

PuTTY Advanced FAQ

Why is my RSA Key rejected by the server?

Newer Linux distributions like Ubuntu 24.04, Debian 12, and RHEL 9 have deprecated the legacy 'ssh-rsa' (SHA-1) algorithm. You must switch to 'ED25519' or 'ECDSA' keys for successful login.

Does this work on CentOS or AlmaLinux?

Yes. The ED25519 key standard and SSH Tunneling features are part of the core OpenSSH protocol. This guide works perfectly on Ubuntu, Debian, CentOS, AlmaLinux, and Rocky Linux.

What is SSH Tunneling in PuTTY?

SSH Tunneling (Port Forwarding) allows you to map a port on your remote server (e.g., localhost:8006) to your local computer. This lets you access internal services securely without opening dangerous ports on the firewall.

How do I stop PuTTY from disconnecting?

To prevent timeouts, go to 'Connection' settings in PuTTY. Set 'Seconds between keepalives' to 10 and enable 'Enable TCP keepalives'. This sends empty packets to the server to keep the session active.

Ready to Launch with Unmatched Power?

Ready to Launch with Unmatched Power? Deploy blazing-fast 1–100Gbps unmetered servers, high-performance GPU rigs, or game-optimized hosting custom-built for speed, reliability, and scale. Whether it’s colocation, compute-intensive tasks, or latency-critical applications, ServerMO delivers. Order now and get online in minutes, fully secured, fully optimized.

Red and white text reads '24x7' above bold purple 'SERVICES' on a white background, all set against a black backdrop. Energetic and modern feel.

Power. Performance. Precision.

99.99% Uptime Guarantee
24/7 Expert Support
Blazing-Fast NVMe SSD

Christmas Mega Sale!

Unwrap the ultimate power! Get massive holiday discounts on all Dedicated Servers. Offer ends soon grab yours before the snow melts!

London UK (15% OFF)
Tokyo Japan (10% OFF)
00Days
00Hrs
00Min
00Sec
Explore Grand Offers