SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys by Michael W. Lucas

Author:Michael W. Lucas [Lucas, Michael W.]
Language: eng
Format: mobi
Published: 0101-01-01T00:00:00+00:00

Figure 7-1: PuTTYgen Startup

Verify that SSH-2 RSA is selected,

and that the number of bits is not

less than 1024. More is not

necessarily helpful. (You might use

fewer bits for keys dedicated for

ancient servers, such as VAXes.)

Click Generate. The next PuTTYgen

screen asks you to generate

randomness by moving the mouse

over the blank area. Once you

generate sufficient entropy,

PuTTYgen creates your key. The

next screen displays the key

information.

Figure 7-2: PuTTYgen Passphrase

Enter your passphrase twice. If you

want, you can add a comment. The

default comment is the type of key

and the date, but some people

suggest using your email address or

some other detail that differentiates

between keys.

Then click Save public key. You'll

get a standard Windows save as

dialog box asking you to choose a

location to save the key file. Save

the file in a location that only you

have permissions to access. You

can use a folder under My

Documents, but make sure you go in

later and set the permissions so that

other users on your machine cannot

view the file. Save the file with a

.pub extension.

Now save the private key. I strongly

recommend using the same file

name for the public and private

keys. PuTTYgen uses a .ppk

extension for private keys, so they

won't overwrite each other. For

example, the key files I use in my

day job are named mwlucas-work-

20101114.pub and mwlucas-work-

20101114.ppk.

You now have a public key.

Congratulations!

The key is stored in a format used

by Pageant and PuTTY. This is

different than the format used by the

OpenSSH server. PuTTYgen can

export the public key in a couple

different formats, including

OpenSSH. Select Conversions →

Export OpenSSH Key. You'll get a

standard Windows dialog box

asking you to choose a filename.

That file is your OpenSSH-friendly

public key.

Using PuTTY User Keys

First, install your public key in

authorized_keys as described in

"Installing Public Keys" earlier this chapter. Remember, use the

exported OpenSSH-friendly version

of the key, not the PuTTY-friendly

version.

I strongly recommend using the

PuTTY agent for normal use. You

don't want to diagnose key and

agent problems simultaneously,

however. Make one connection

without the agent to verify that your

public key is properly installed on

your server.

If you don't have an agent running,

you must tell PuTTY where to find

the private key file. On the left side

of the PuTTY Configuration screen,

select Connection → SSH → Auth. In

the text box labeled Private key file

for authentication:, put the full path to

the private key. Remember, the

private key file ends in .ppk. Now

try to connect. PuTTY will prompt

you for your username and then

request the private key passphrase.

If you enter the passphrase

correctly, you'll get a command

prompt. If not, you won't.

Do not save this test connection. If

you list a key file in your saved

connection, PuTTY will bypass the

agent every time you try to log in.

Once you know that your key works,

reduce how often you must type

your passphrase with the Pageant

SSH agent.

Using the PuTTY SSH Agent

The PuTTY SSH agent, Pageant,

stores your decrypted private key in

memory and provides an interface

for PuTTY to access it. You type

your passphrase into Pageant only

once. Every time you open an SSH

session, PuTTY asks Pageant for

proof that it has the private key.

Start Pageant by double-clicking on

it. Ideally, you'd add a Pageant

shortcut to the Startup folder, so that

Windows starts Pageant every time

you log in. The Pageant icon, a

computer with a black broad-

brimmed hat, will appear in the

system tray.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.