This assumes that PuTTY is used for SSH access to the servers.

The first step is to generate a public/private key pair. PuTTY Key Generator will do this. I used all defaults and clicked “Generate”. I “saved the public key” and “saved the private key”. The public key is concatenated to /user/home/.ssh/authorized_keys on the server. If it’s the first key, you’ll need to create this hidden directory and the authorized_keys file. The access permissions (chmod) are 700 for the .ssh directory and 600 for the authorized_keys file. It’s odd that the saved public key file is not the right format for concatenation to the authorized_keys file. Instead you must copy and paste the key from the Putty Key Generator Key. It’s identified as the public key for pasting into OpenSSH authorized_keys file. This is easiest done with a SSH session to the server.

Next, open the PuTTY entry for the server and add the user name under “Connection/Data”. Add the private key file to the Connection/SSH/Auth. It’s best to avoid moving the private key file around. Save the session.

The last step is to accept ssh-rsa public key algorithms on the server. Do this by editing /etc/ssh/sshd_config and adding “PubkeyAcceptedAlgorithms +ssh-rsa” to the bottom of the file. Restart ssh service.

Briefly

mkdir .ssh
chmod 700 .ssh
nano .ssh/authorized_keys
<paste public key>
sudo nano /etc/ssh/sshd_config
PubkeyAcceptedAlgorithms +ssh-rsa
sudo systemctl restart ssh.service
add user name and private key to PuTTY

Troubleshooting

There are many tutorials on using SSH key files to log into a Linux server without a password. None of them worked for me. Here’s the problem I found and how I found the solution.

The error was “Server refused our key”. This led me to adding “LogLevel DEBUG3” in /etc/ssh/sshd_config. Then used the command “journalctl | grep key” or “journalctl -xe” to locate any issues when logging in with a private key. (The public key is stored on the server.) I found that “key type ssh-rsa not in PubkeyAcceptedAlgorithms” for the server. My key was an rsa key. I removed “LogLevel DEBUG3” from sshd_config and added “PubkeyAcceptedAlgorithms +ssh-rsa”. This fixed the problem. Oddly, this failed and was not needed for Raspbian. The mystery remains why none of the tutorials warned of this problem.