Thursday, June 14, 2012

Creating and Using SSH Keys with Putty and Pageant

If you spend enough time in *nix environments, you get really tired of typing in your password.  There is a way to reduce that typing.  These instructions are meant for Windows users, but will work for anyone.  If you're not using Windows, you can skip the Putty/Pageant section.

Creating and Using an SSH Key

This section is operating-system agnostic, except that the key itself is generated on a *nix (most likely Linux) system.  If you don't have a username and password for that system, you need to get those first.  You will also need a way to copy your private key to your own machine.  You can just use scp if your machine is a Mac or Linux machine.  On Windows, you can use a program like WinSCP.

Generating an SSH Key

First you need a .ssh directory.  Files and directories whose names start with a dot (.) are hidden.  They only show up if you use ls -a.  In this case, the .ssh directory holds your public and private keys.  The public key is what you put on someone else's machine to identify yourself.  The private key is what you keep on your machine to identify yourself.  If you do not already have a .ssh directory in your home directory, go there and make one.

cd ~
mkdir .ssh
chmod 700 .ssh

To generate a key, use the ssh-keygen command and accept all the defaults when prompted.  When asked for a passphrase, keep in mind that it protects the key itself.  If you provide one, you will have to provide it every time you use the key, which rather defeats our purpose for using it in the first place.  Without a passphrase, anyone who can read the id_rsa file can log in as you, so keep that file readable only by your own account.

ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dnoel/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dnoel/.ssh/id_rsa.
Your public key has been saved in /home/dnoel/.ssh/id_rsa.pub.
The key fingerprint is:
17:af:00:f2:b1:86:5c:2e:6e:b4:54:42:ad:1c:55:9e dnoel@law

Using a Public Key


Once you've created the keys, you need to put your public key in the authorized_keys file on that box.  To do that from your home directory, do the following:

cd .ssh
touch authorized_keys
chmod 600 authorized_keys
cat id_rsa.pub >> authorized_keys

You can now rm the id_rsa.pub file if you wish.  If you want to use this key on multiple machines, follow the same process on each of them.  Alternatively, if the other machines do not already have an authorized_keys file, you can just copy the one you made to them.  For example, to copy authorized_keys to my staging environment, I could use:

scp authorized_keys stage:~/.ssh

This would copy the file to the .ssh directory in my home directory on staging.  If I needed to identify the destination server and myself more specifically, I could use something more descriptive:

scp authorized_keys dnoel@stage.localnet:~/.ssh

Using a Private Key

For every machine that you want to log in from using your SSH key, you need your private key in the .ssh directory on that machine.  Just copy your id_rsa file to any machine you will be coming from.  That's all there is to it!  If you want to log in using Putty on Windows, read on.
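The steps from "Using a Public Key" and "Using a Private Key", as an added example that is not part of the original post: the first function appends a public key to authorized_keys only once and applies the 700/600 permissions shown above, and the second checks that a copied private key is not accessible to group or others.  The function names and the script name in the last comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): the authorized_keys steps as
# functions that are safe to re-run. Paths passed in are the caller's choice.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBKEY_FILE [SSH_DIR]: append the key once, with the
# 700/600 permissions used in the post. SSH_DIR defaults to ~/.ssh.
install_pubkey() {
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    key=$(head -n 1 "$1") || return 1

    # Accept only a one-line OpenSSH public key. This also rejects id_rsa
    # itself, whose first line is a "-----BEGIN ... PRIVATE KEY-----" header.
    if ! printf '%s\n' "$key" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$'
    then
        echo "refusing: $1 is not an OpenSSH public key" >&2
        return 2
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -F fixed string, -x whole line: do not add a key that is already there.
    grep -Fxq -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# private_key_ok FILE: succeed only if group and others have no access
# (mode 600 or 400). The OpenSSH client ignores a private key that fails this.
private_key_ok() {
    case $(mode_of "$1") in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run as a script (hypothetical name): ./install_key.sh ~/.ssh/id_rsa.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```

Running install_pubkey a second time with the same key leaves authorized_keys unchanged, which the plain cat >> version does not.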

Using an SSH Key with Putty and Pageant

Once you've created your key, you need to tell Putty about it.  Putty doesn't handle keys, but Pageant does.  So download Pageant.  To use your newly generated key with Pageant, however, you will need to convert it into a compatible .ppk file.  To do so, you need to download Puttygen as well.

Generating a .PPK File

  1. Run Puttygen, and when it opens, press the Load button.
  2. Select All Files from the file type drop-down, and navigate to your id_rsa file.
  3. Click Ok on the dialog box.
  4. Press the Save Private Key button.
  5. Click Yes on the dialog that pops up asking if you want to save it without a passphrase.
  6. Save the Private Key somewhere where you can find it.

Loading a .PPK Into Pageant

  1. Start Pageant.
  2. If necessary, find it in your hidden icons on the right-hand side of the taskbar and right-click on Pageant.
  3. Select View Keys from the context menu.
  4. When the dialog opens, click the Add Key button.
  5. Navigate to your .ppk private key.
  6. Close the Pageant window (Pageant is still running in the background).

For more information on getting Pageant to run and load keys automatically when your computer starts, refer to the documentation here: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html

Running Putty With An SSH Key

As long as Pageant is running with your key loaded, when you run Putty to connect to your server, you should not be asked for a password.  It should automatically connect.
