When attempting SSH key-based authentication from Windows PuTTY to an Ubuntu server, many developers encounter the misleading "Failed password" error despite properly configured key pairs. The auth log entry:

sshd[22288]: Failed password for zzzzzzz from zz.zz.zz.zz port 53620 ssh2

often indicates deeper configuration issues rather than actual password failures.

PuTTY's native PPK format differs from OpenSSH's expected format. After generating keys with PuTTYgen:

1. Save the private key as PPK (for PuTTY)
2. Export the public key in OpenSSH format through PuTTYgen's "Conversions" menu

The correct OpenSSH public key format should appear as:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA... comment@example.com

On your Ubuntu server, verify these critical settings:

# File permissions (strict requirements)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# SSH daemon configuration
sudo grep -E "PubkeyAuthentication|RSAAuthentication" /etc/ssh/sshd_config

Common pitfalls include:

• Incorrect SELinux contexts (if enabled)
• Wrong ownership of ~/.ssh directory
• StrictMode violations in sshd_config

From your Windows command line, run PuTTY with debug output:

putty.exe -v -i C:\path\to\private.ppk user@host

Simultaneously monitor server logs:

sudo tail -f /var/log/auth.log | grep sshd

For systems with strict security policies, consider these additional steps:

# Restore SELinux context if applicable
restorecon -Rv ~/.ssh

# Verify directory ownership
ls -ld ~/.ssh
chown user:user ~/.ssh

If issues persist, test with OpenSSH for Windows:

ssh -i C:\path\to\private_key -v user@host

This bypasses PuTTY's format conversions and helps isolate the problem.

Modern systems may reject 1024-bit RSA keys. Generate a stronger key:

# In PuTTYgen:
Key type: RSA
Number of bits: 4096

Then update your authorized_keys file accordingly.

---

When attempting SSH key authentication between Windows (PuTTY) and Linux (OpenSSH), the system falls back to password authentication despite proper key setup. The auth log shows:

sshd[22288]: Failed password for zzzzzzz from zz.zz.zz.zz port 53620 ssh2

PuTTY's native .ppk format differs from OpenSSH's format. Here's how to properly convert them:

# Using PuTTYgen for conversion:
puTTYgen mykey.ppk -O private-openssh -o openssh_key
puTTYgen mykey.ppk -O public-openssh -o openssh_key.pub

For existing keys, verify the public key format matches this single-line pattern:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA... comment@host

Essential OpenSSH server settings in /etc/ssh/sshd_config:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no  # Temporarily set to yes for debugging

Verify permissions with:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Run PuTTY with debug logging:

putty.exe -v -ssh user@host -i key.ppk

Simultaneously monitor server logs:

tail -f /var/log/auth.log | grep sshd

1. Regenerate keys with stronger encryption:

ssh-keygen -t rsa -b 4096  # On Linux
# Then convert to PuTTY format using PuTTYgen

2. Ensure line endings are UNIX format (LF only) for authorized_keys

3. Verify SELinux context if applicable:

restorecon -Rv ~/.ssh

If issues persist, consider:

# Windows Subsystem for Linux (WSL):
ssh -i ~/.ssh/id_rsa user@host

# Or using Windows native OpenSSH:
ssh.exe -i C:\path\to\key user@host