Key-Based SSH Logins With PuTTY - Page 2

Submitted by falko on Wed, 2006-12-06 22:59.

4 Connect To The SSH Server

Now we can connect to our SSH server simply by clicking on Open.

If you connect to the server for the first time, a security warning pops up. This is because PuTTY doesn't know the server's host key yet, so it is safe to click on Yes. (If this happens again later on, this can mean that another server is now running under the same IP address, or that someone has broken in and changed the key.)

We have saved the username with which we connect in our profile settings, so we don't have to type it here again. We only have to specify that user's password:

Now this was the "normal" way of logging in, i.e., with a username and a password. Anyone else who knows the username and password can log in, too. So if you have weak passwords and/or are the victim of a brute-force attack, this can become a problem. Let's change that now.

 

5 Generate A Private/Public Key Pair

We can use PuTTYgen to create a private/public key pair. Start it by double-clicking its executable file. Make sure you select SSH-2 RSA under Type of key to generate and specify 1024 as the Number of bits in a generated key. Then click on Generate:

Please move the mouse pointer over the blank area during the key generation to generate some randomness:

Now a private/public key pair has been generated. Under Key comment, you can enter any comment; normally you use your email address here. Then specify a Key passphrase and repeat it under Confirm passphrase. You'll need that passphrase to log in to SSH with your new key. Then click on Save public key and save it in some safe location on your computer. You are free to choose a filename and extension, but it should be one that lets you remember which system it is for.

Then click on Save private key. You can save it in the same location as the public key - it should be a location that only you can access and that you don't lose! (If you lose the keys and have disabled username/password logins, then you can't log in anymore!) Again, you're free to choose a filename, but this time the extension must be .ppk:

Then copy the public key from the PuTTYgen window:

 

6 Save The Public Key On The Server

Then log in to your SSH server (if you have closed the previous SSH session already), still with the username and password, and paste the public key into the file ~/.ssh/authorized_keys2 (in one line!) like this:

mkdir ~/.ssh
chmod 700 ~/.ssh

vi ~/.ssh/authorized_keys2

ssh-rsa AAAAB3NzaC1yc2EA[...]Lg5whU0zMuYE5IZu8ZudnP6ds= myname@example.com

That file must be readable and writable only by that user, so we run

chmod 600 ~/.ssh/authorized_keys2
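
An added example (not part of the original tutorial): a Python check for the result of the steps above. It verifies that an entry is one well-formed line, that the key type inside the base64 blob matches the line's first field, and that a path is not writable by group or others. The 2048-bit RSA threshold, the function names and the sample entry are assumptions made for this illustration, and entries with an options prefix are not handled.

```python
import base64, os, stat, struct
MIN_RSA_BITS = 2048  # assumption: local policy threshold, not from the tutorial

def wire_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return fields

def check_entry(line):
    """Return the problems found in one authorized_keys line ([] means OK)."""
    parts = line.split()
    if len(parts) < 2:
        return ["not 'type base64 [comment]' on one line"]
    key_type, b64 = parts[0], parts[1]
    try:
        fields = wire_fields(base64.b64decode(b64, validate=True))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return [f"undecodable key blob: {exc}"]
    if not fields or fields[0] != key_type.encode():
        return ["key type inside blob does not match the first field"]
    if key_type == "ssh-rsa" and len(fields) == 3:
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < MIN_RSA_BITS:
            return [f"RSA modulus is only {bits} bits"]
    return []

def check_mode(path):
    """Flag a path that group or others can write to."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path} is mode {mode:04o}: group/other writable"] if mode & 0o022 else []

def sample_rsa_line(bits):
    """Constructed sample entry: structurally valid blob, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    e = (65537).to_bytes(3, "big")
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-rsa", e, n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " myname@example.com"

if __name__ == "__main__":
    print(check_entry(sample_rsa_line(1024)))       # the tutorial's key size
    print(check_entry(sample_rsa_line(1024)[:60]))  # entry cut by a line break
```

On a server, call check_mode on ~/.ssh and on the key file, and check_entry on each non-empty line of the file.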


Submitted by Scott D. (not registered) on Mon, 2012-02-27 21:13.
Hi, thanks for a tutorial that talks about Loading existing private keys. I managed to get PuTTY connecting through SSH, with keys, to my Ubuntu Virtual Private Server.
Submitted by Anonymous (not registered) on Wed, 2011-09-28 12:03.
great help!
Submitted by spice (not registered) on Wed, 2011-07-20 21:36.

I tried saving the public key as a file (on Windows), and then copied this multi-line file to my Unix server. This didn't work. I suspect end-of-line issues.

When I simply copied the public key from the field in PuTTY, and then pasted this single line into ~/.ssh/authorized_keys, things worked.
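
An added example, not part of the comment above or of the original tutorial: PuTTYgen's Save public key button writes the key in the multi-line RFC 4716 layout, while the server's key file holds one key per line. This Python function converts the first layout into the second, tolerating Windows line endings; the function names and the sample file are constructed for this illustration.

```python
import base64, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Turn an RFC 4716 public key file into one authorized_keys line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]  # CRLF-safe
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        ln = lines[i]
        if ":" in ln:                      # header line; ':' never occurs in base64
            while ln.endswith("\\") and i < len(lines) - 2:
                i += 1                     # header value continued on next line
                ln = ln[:-1] + lines[i]
            tag, _, value = ln.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(ln)
        i += 1
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (size,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + size].decode("ascii")  # type name is the blob's first field
    return " ".join(part for part in (key_type, b64, comment) if part)

def sample_export():
    """Constructed sample in the exported layout; the blob is not a usable key."""
    fields = (b"ssh-rsa", b"\x25", b"\x00\x80\x00\x00\x01")
    b64 = base64.b64encode(b"".join(struct.pack(">I", len(f)) + f for f in fields)).decode()
    body = [b64[i:i + 16] for i in range(0, len(b64), 16)]
    return "\r\n".join([BEGIN, 'Comment: "myname@example.com"', *body, END]) + "\r\n"

if __name__ == "__main__":
    print(rfc4716_to_openssh(sample_export()))
```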

 

Submitted by Hb (not registered) on Fri, 2009-01-09 22:26.
After pasting the clipboard to vi you will see Insert as status mode at the bottom of the screen. Now press Esc to get in command mode and then :wq and Enter to leave (and survive) vi.

On most systems nano is installed. Nano is probably easier to use.
Submitted by Operator (registered user) on Wed, 2008-12-17 15:28.
Really good and clear explanation. Properly step-by-step, with screenshots all the way. Even a total beginner can follow this. Great job. Thanks.
Submitted by Paulo (not registered) on Sat, 2008-12-13 01:44.
Very nice how to, thanks!!! It worked for me.
Submitted by jimdigriz (registered user) on Tue, 2006-12-12 17:42.
There is no reason why '~/.ssh/authorized_keys(2)' cannot be globally readable, obviously you do not want it globally writable.

If someone was to take a copy of your public key the 'worst' they could do is give you access to an additional system.... :-/

No harm in "chmod 0600"'ing but it does imply you have missed the meaning of 'public' in public key based authentication systems. I personally use 0644.
Submitted by Gallomimia (not registered) on Tue, 2012-12-11 19:15.

This is correct. It is the private key which must be made 600 on linux systems for them to be used as outgoing connections. In fact, 400 is a better permission mode.

Speaking of outbound private keys, why can't I use my OpenSSH private key as is with PuTTY?

Submitted by spiney (registered user) on Sat, 2006-12-09 09:08.
$HOME/.ssh/authorized_keys2 is deprecated and only still valid because of OpenSSH trying to be backward compatible, the actual file is $HOME/.ssh/authorized_keys, see the manual page of sshd.