Key-Based SSH Logins With PuTTY - Page 4

9 Disable Username/Password Logins

Up to now, you can log in with your private/public key pair and still with username/password logins, so if someone doesn't attach a private key to his PuTTY session, he will be asked for a username and password. So to achieve a better security, we must disable the username/password logins (you should do this only when you know that your key-based logins are working, because if they aren't and you disable username/password logins, then you have a problem...).

To disable the username/password logins, we must modify the sshd configuration file. On Debian/Ubuntu systems, it's /etc/ssh/sshd_config. You should set Protocol to 2 (1 is insecure and should not be used!), PasswordAuthentication to no, and UsePAM to no (or comment out the UsePAM line), e.g. like this:

vi /etc/ssh/sshd_config
[...]
Protocol 2
PasswordAuthentication no
UsePAM no
[...]

Then restart sshd. On Debian/Ubuntu, you can do it like this:

service ssh restart

On Older versions, use the init script instead of the service command:

/etc/init.d ssh restart

Now if you open a PuTTY session without your private key attached, you shouldn't be able to log in anymore.

 

10 Let Pageant Remember Your Key Passphrase

Whenever you use your key-based login now, you stilll have to specify your key passphrase. This can be annoying if you connect to the SSH server multiple times a day. Fortunately, you can tell the passphrase to Pageant which will then provide the passphrase whenever you log in to your SSH server.

You can start Pageant by double-clicking its executable file:

Start pageant.exe

Afterwards, you should see running Pageant in the taskbar:

Pageant in task bar

Now double-click the Pageant icon in the taskbar. The following window comes up. Click on Add Key:

Add a key in pageant

Browse your filesystem and select your private key:

Browse file system

Then enter the passphrase for the private key:

Enter the passphrase

The key is now listed in Pageant's key list. Click on Close:

Close the window, when key is listed

As long as Pageant is running in the taskbar, you can log in to your SSH server without providing the passphrase - this is done by Pageant:

Automatic SSH lohin with pageant

When you stop Pageant, it forgets all keys, so the next time you start Pageant you must add the keys again. This can also be annoying, but to prevent this, we can create a shortcut on the desktop to the Pageant executable. Right-click the Pageant executable and select Create Shortcut:

Create a shortcut

You should now find a shortcut. Right-click it and go to Properties:

Desktop Shortcut

Under Target, you will now find the path to pageant.exe, e.g. "C:\Dokumente und Einstellungen\falko\Desktop\pageant.exe" (if there are no spaces in your path, you don't need the quotation marks). You can now simply add the location of your private key to that line, for example if you private key is C:\putty\my_keys\private_key_192.168.0.100.ppk then the line should look like this:

"C:\Dokumente und Einstellungen\falko\Desktop\pageant.exe" C:\putty\my_keys\private_key_192.168.0.100.ppk

(if there are spaces in the path to your private key, you must wrap it in quotation marks again, e.g. like this:

"C:\Dokumente und Einstellungen\falko\Desktop\pageant.exe" "C:\directory with lots of spaces in name\my keys\private_key_192.168.0.100.ppk"

)

Then click on OK:

Shortcut details

Now when you double-click on the Pageant shortcut, Pageant will automatically load your private key and ask you for the passphrase. Enter it, and that's it.

 

Share this page:

21 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By:

I've always wanted to do this, but have never known how. This tutorial told me exactly what I needed to know. Thanks! 

By:

There is a version of PuTTY called PortaPuTTY that can be installed to USB drives, without any Registry modifications.

By: Damian

Just been pulling my hair out trying to get Windows to talk nicely to Ubuntu and this nailed it. Cheers Damian

By: Anonymous

Thanks for this.

 This is a great site with lots of useful stuff explained in a clear and concise manner.

By: Mikeomillian

I was actually trying to admin my VPS without command line, because I had tried putty once and it didn't work. This got it working in about 10 minutes, thank you!

By: Neil

Thank you so much. Easy, step by step, and it just works.

 Wonderful.

By: Thiago Cruz

Excelent step-by-step. I used it with plink. Thanks

By: TeHZomB

Thanks, this guide is great and really easy to follow! Even five years later, works like a charm.

By: Mike G.

Excellent tutorial -- it was very clear and well written.

By: Angel S. Moreno

I've been using putty for a while but never made use of the tools or settings described. Super helpful.

By: metazone

This should be a model for tutorials -- succinctly states why we need to do something and then provides a very nice explanation --

By: Michael

Very clear and simple, thanks.

By: uptoome

This worked right out of the box. Thank you.

By: KB

Very well done and easy to follow directions.

I had problems with the keys generated by putty for some unknown reason, possibly due to not adding the username, though I'm not sure.

Instead, I generated them on the server using ssh-keygen -t rsa then copied the .pub key over to authorized_keys2 and downloaded the private key to my local machine (being sure to remove the private key from the server for security purposes afterward). I then was able to import the private key into PuttyGen and save it out as a .ppk file and work with the rest of your instructions.

By: Anonymous

Thanks for this great tutorial! 

By: DreadfullyDespized

This is a great article, thanks for this.  It worked great on my WD My Book Live 2TB.

By: Anonymous

Drove me nuts - Listening on the wrong port in sshd_config, changed it because work think it is a safer to use the known port...

By: Fredy10

Very good how to! its very easy and clear!

Thanks!

By: krumov

This is really Good HowTo which is clear enough for everyone , even the newest people who are touching the mouse and the keyboard for the first time ever.

Great !

By: David Coll

Doing this will result in most frequent Server resused your key.

 You must create your private key on linux using "ssh-keygen", then import the private key in putty, save it on window for putty-use.

On server you do "cat id_rsa.pub >> authorized_keys2  "

 ..and voila.

By: CreeWarrior

Nice many thanks