{"id":427,"date":"2021-02-11T18:40:41","date_gmt":"2021-02-11T17:40:41","guid":{"rendered":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/?p=427"},"modified":"2021-02-12T07:53:28","modified_gmt":"2021-02-12T06:53:28","slug":"putty-and-ssh-keys","status":"publish","type":"post","link":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/2021\/02\/putty-and-ssh-keys\/","title":{"rendered":"Passwordless Logins with PuTTY and SSH-Keys"},"content":{"rendered":"

This guide is about key-based logins to remote Unix\/Linux-servers from a Windows PC using PuTTY. If you have OpenSSH on your Windows, Mac or Linux computer, things should be a lot easier and you can type commands directly in a Terminal window<\/a>.<\/em><\/p>\n

Preparation<\/h2>\n

Make sure that PuTTY<\/a> is available on your computer.  This guide uses the following 3 programs: PUTTY.EXE, PUTTYGEN.EXE, PAGENT.EXE.
\nIn case they are not installed or you run into problems, they can simply be extracted from the ZIP archive<\/a> and run directly (no formal installation or admin account necessary).<\/p>\n

\"\"<\/a>
PUTTYGEN.EXE, PAGENT.EXE and PUTTY.EXE on Windows desktop<\/figcaption><\/figure>\n

Key Generation<\/h2>\n

Start PUTTYGEN<\/strong> to generate an SSH key.<\/p>\n

Select Ed25519<\/strong> as the type of key in the “Parameters” section for a modern key format that will give you a smaller public key string which will be easier to copy and paste later. Then click on the Generate<\/strong> button.<\/p>\n

\"\"<\/a>
Choose a cool key type and generate<\/figcaption><\/figure>\n

Move your mouse around a bit to generate better randomness while the key is generated.<\/p>\n

\"\"<\/a>
Random mouse movements<\/figcaption><\/figure>\n

When the key genartion is done, select the public part on the top and copy it to the clipboard. To do so, you can right click on the public key, then chose Select all<\/strong> and then right click again and chose Copy<\/strong>.<\/p>\n

\"\"<\/a>
Copy public key to clipboard<\/figcaption><\/figure>\n

Type in a passphrase for your new key to protect it and then click on Save private key<\/strong> to save your key file in a location only you personally have access to.<\/p>\n

\"\"<\/a>
Pick passphrase and save key<\/figcaption><\/figure>\n

You can close the “PuTTY Key Generator” window now.<\/p>\n

Getting the Key to the Server<\/h2>\n

To get the public key to the server, you will need to log on using your regular credentials one last time.<\/p>\n

Start PUTTY<\/strong> to establish an interactive connection to the server. If you are connecting for the first time, it is probably a good idea to create and save a session now, so that you won’t have to type in the server name again and again later on. Type in the server name in the Host Name<\/strong> field and some name for the session (you can use the server-name here as well or make something up).<\/p>\n

\"\"<\/a>
Create and save session in PuTTY<\/figcaption><\/figure>\n

Select the session you want and click on Open<\/strong> to initiate the connection. Note that when you connect to a server for the first time, you need to verify<\/a> (if you want) and save the remote server’s SSH fingerprint.<\/p>\n

Log in with your regular username and password. Using the shell, create a .ssh<\/strong> directory on the server if it does not exist yet:<\/p>\n

mkdir .ssh<\/strong><\/pre>\n
Then create (or edit) the authorized_keys<\/strong> file within that directory:<\/p>\n
pico .ssh\/authorized_keys<\/strong><\/pre>\n
\"\"<\/a>
Create .ssh and .ssh\/authorized_keys<\/figcaption><\/figure>\n
You can use any editor that you are comfortable with on the remove server. A very simple one is called “pico”. When inside the editor, right-click to paste the contents of your clipboard. Note that if your public key is not in your clipboard anymore for some reason or another, and you are thus unable to paste it into the editor, you can open just PUTTYGEN<\/strong> again, load your key and copy the public part to the clipboard again (see above).<\/p>\n
\"\"<\/a>
Pasted public key<\/figcaption><\/figure>\n
Important: Remove the line-breaks. <\/strong>There should be only spaces between the three parts of your key.<\/p>\n
\"\"<\/a>
Public key without line breaks<\/figcaption><\/figure>\n
Save the file and exit the editor. For the pico editor you can use [Ctrl]+[o]<\/strong> to save and [Ctrl]+[x]<\/strong> to exit. For extra safety you can make sure that both the file and the directory are readable for your user on the remote server only:<\/p>\n
chmod 600 .ssh\/authorized_keys<\/strong>\r\nchmod 700 .ssh<\/strong><\/pre>\n
You can then exit<\/strong> the SSH session.<\/p>\n
\"\"<\/a>
Save and make public key readable for you only<\/figcaption><\/figure>\n
Logging in using SSH Keys and Agent<\/h2>\n
PAGENT<\/strong> can be used to keep track of your SSH keys and supply them to PuTTY for logins.<\/p>\n
The idea is to have the agent process running in the background (in the Windows system tray), so that you only need to unlock your SSH key once using the previously set passphrase, and the agent will keep it (or multiple such keys) in memory and automatically use them to authenticate you when necessary. Some people put PAGENT<\/strong> in their “Startup” folder, others just start it on demand before making the connection with PuTTY.<\/p>\n
Start PAGENT<\/strong> by double-clicking it, and it should automatically appaer in your system tray (usually to the bottom right somewhere next to the date and time). Using a right click, you can add and remove SSH keys. Try doing this with your newly generated key now.<\/p>\n
\"\"<\/a>
Add key to PAGENT<\/figcaption><\/figure>\n
Select your SSH keyfile and Open<\/strong> it.<\/p>\n
\"\"<\/a>
Select ppk file and open<\/figcaption><\/figure>\n
You can also right-click on the icon in the task bar again to View<\/strong> all loaded SSH keys.<\/p>\n
\"\"<\/a>
List of SSH keys in PAGENT<\/figcaption><\/figure>\n
While most of the above steps only need to be done once, this is where daily routine starts.<\/em><\/p>\n
Now let’s start PUTTY<\/strong> and open a connection to the server again.
\nEnter your login name and press the return key. You should be authenticated automatically using your SSH key.<\/p>\n
\"\"<\/a>
Connection via PuTTY and PAGENT using SSH keys<\/figcaption><\/figure>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
This guide is about key-based logins to remote Unix\/Linux-servers from a Windows PC using PuTTY. If you have OpenSSH on your Windows, Mac or Linux computer, things should be a lot easier and you can type commands directly in a Terminal window. Preparation Make sure that PuTTY is available on your computer.  This guide uses […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[64,9,56],"tags":[69,41],"_links":{"self":[{"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/posts\/427"}],"collection":[{"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/comments?post=427"}],"version-history":[{"count":5,"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/posts\/427\/revisions"}],"predecessor-version":[{"id":446,"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/posts\/427\/revisions\/446"}],"wp:attachment":[{"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/media?parent=427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/categories?post=427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/userpage.fu-berlin.de\/~rober\/blog\/wp-json\/wp\/v2\/tags?post=427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}