SSH Key-Based Authentication using PuTTY


In the comments for Episode 108, I posted some information about using key-based authentication for SSH. Here is a tutorial for setting this up from a Windows client using PuTTY and its related tools.

Begin by downloading the PuTTY binaries. At a minimum, you will need PuTTY, Pageant, and PuTTYgen, but you may want to grab the files for PSCP and PSFTP if you want to do quick command-line file transfers.

To generate your keys, run PuTTYgen. Down at the bottom, click the button for SSH-2 DSA. I've found that to be the most compatible option. Click the Generate button and move the mouse around as directed to generate some random data. When it's done, the rest of the fields should populate similar to figure 2.

The key comment is totally optional and for your benefit, so give it a name. The comment on the key I use most often is simply "micah_putty." Set your key passphrase to protect your private key. You can change this passphrase using PuTTYgen in the future if needed.

Save the private key. In my example, I saved it to "C:\Documents and Settings\micah\micah.ppk" but you can put it in whatever safe place you desire.

To transfer this onto your Linux (or FreeBSD or Mac OSX, I would assume) host, copy the text at the top where it says "Public key for pasting." Now open a PuTTY session to the host. Create a .ssh directory if necessary, then cat > authorized_keys in this folder and paste the contents using Shift+Insert or Right-Click. (I used >> in my example, because the file already existed. You can have multiple public keys in the file.) Make sure that your home directory is not group or world writable, your .ssh directory is mode 700, and your authorized_keys file is 644 or more restrictive.
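The host-side step above can also be scripted. The following is an added example, not part of the original tutorial: it appends a pasted public key to authorized_keys without duplicating it, then verifies the three permission conditions listed above. The function names and the sample key in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names and the
# sample key in the usage comment are constructed for illustration.

# Print the 10-character type/permission string, e.g. "drwx------".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey HOME_DIR "PUBLIC-KEY-LINE"
# Creates HOME_DIR/.ssh (700) and appends the key to authorized_keys (600)
# unless that exact line is already present.
install_pubkey() {
    home=$1
    key=$2
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR
# Returns 0 when the three conditions from the tutorial hold, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    case $(mode_string "$home") in
        ?????w????|????????w?)
            echo "FAIL: $home is group or world writable"; rc=1 ;;
    esac
    case $(mode_string "$home/.ssh") in
        drwx------) ;;
        *) echo "FAIL: $home/.ssh is not mode 700"; rc=1 ;;
    esac
    case $(mode_string "$home/.ssh/authorized_keys") in
        -[r-][w-]-[r-]--[r-]--) ;;
        *) echo "FAIL: authorized_keys is looser than 644"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh this_script.sh "$HOME" "ssh-dss AAAA...constructed... micah_putty"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && check_ssh_perms "$1"
fi
```

If key-based login is refused even though the key is installed, running check_ssh_perms against your home directory shows which of the three conditions is not met.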

The best way to use this key is to run Pageant on your workstation. That way, you only need to authenticate the key once, and it will be available for all PuTTY sessions. The easiest way to load this is to create a Startup shortcut. Specify pageant.exe with the path to the private key file as a command line option.

When Windows starts, Pageant will prompt for the passphrase for the private key.

If you usually log into systems with the same username, you might also want to set that as a default. Under Connection/Data, set the Auto-login username, then go back to the Session tab, highlight Default Settings and click Save.

Once Pageant is working, and your public key is correctly installed on the host, starting PuTTY should be simply a matter of entering the desired hostname. All of your credentials will already be ready for use.