To configure ssh authentication with public keys follow next steps. (All commands on CentOS example)

On Linux server

Adding User

sudo adduser username

Give your user a password:

passwd username

Granting Privileges to a User

If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo. We can do this by adding the user to the wheel group (which gives sudo access to all of its members by default) through the gpasswd command.

sudo gpasswd -a username wheel

Don't forget add user to group which managed your service

gpasswd groupname -a username

Configure SSH

Login as created user:

su username

In your home dir create .ssh folder and file authorized_keys in it.

mkdir .ssh && touch .ssh/authorized_keys

You must give minimum permissions to this file and folder to ssh connection work. Make sure only owner can write to home folder, .ssh folder and authorized_keys can be read and write only by owner. Or you can execute this commands:

chmod g-w ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

On Windows Client

  1. Install Putty-CAC on Windows client. This modified Putty version was made to support smart cards & certificates

  2. At the PuTTY Configuration window side-bar, go to Connection > SSH > Certificate. Click Set CAPI Cert…. putty

  3. At the Windows Security window, select your certificate.

  4. Back at the PuTTY Configuration window, you’ll see the certificate thumbprint. Click the Copy to Clipboard button.

  5. Login to server and in .ssh folder execute:

    echo [paste key from clipboard] >> authorized_keys
    

    Or just put key to end authorized_keys file. The key will look like this: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPn2dShOF.. . CAPI:05bf4653b3098a87b67816d81049f489d5b5ffb4

    This command append your key to authorized_keys, and now you can login with certificate.