How to use SSH Public/Private keys in PuTTY


Sander van Vugt
09.19.2007


Even if the data center runs completely on Linux, many administrators still do their work from the company Windows desktop. To manage a Linux server remotely from there, PuTTY is the obvious choice. This article shows how to make the communication between your Linux server and PuTTY more secure by using SSH public/private keys.

Three different factors can be used to prove your identity: something you know, something you have and something you are. To make the authentication procedure more reliable, you should always try to use at least two of these three factors. When you use public/private keys for authentication and protect the private key with a passphrase, you combine two authentication factors and thus make the authentication procedure more reliable and, hence, your server more secure.

When using SSH public/private key authentication, a user needs to generate a public/private key pair on his workstation. After generating the keys, the user must copy the public key to a file with the name authorized_keys. This file is typically in the user's home directory on the server, in a hidden subdirectory named .ssh. In this procedure you'll learn how to generate a public/private key pair on a Windows workstation where PuTTY is used.

  1. Make sure that the complete PuTTY package is downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. This package includes the PuTTYgen command. Start this command. It opens the PuTTYgen Key Generator window (see Figure 1).

    [IMAGE]
    Figure 1: Using PuTTYgen you can generate a public/private key pair from a graphical interface

  2. Specify in the lower part of the window what type of key you want to generate. I advise you to use a 2048-bit DSA key; with fewer bits than this, the security level that is obtained is not high enough. Select this option and click "Generate." To generate the key, you must move the mouse cursor over the PuTTYgen window; this generates random data that PuTTYgen uses to generate the key pair.

  3. Once the key pair is generated, you see a window as in Figure 2. In this window, you need to specify the key properties. You have to accomplish two important tasks here. To begin with, you need to copy the public key that you see in the upper part of the window and save it in a file. Don't use the option "Save public key", as it doesn't save the key in a format that is usable in Linux. Instead, copy the public key, open Notepad and paste the key into a new file. Next, save the file on your computer.

    [IMAGE]
    Figure 2: You must save the public key using copy and paste to a file.

  4. Next, still in the window that you see in Figure 2, you can specify a passphrase to protect the private key against unauthorized use. Of course you could choose not to use a passphrase, but that really is a security risk, so it is really recommended to use a passphrase anyway. Choose one that is not too easy to guess and enter it in the fields "Key passphrase" and "Confirm passphrase." Next, click "Save private key" to save the private key, protected by the passphrase, in a file.

  5. Now open the PuTTY window and load the session configuration in which you want to use the key. In the lower left part of the screen, open Connection > SSH > Auth. This opens another window that you see in Figure 3. In this window, click "Browse" to browse to the location where the private key is saved and add the private key to this session.

    [IMAGE]
    Figure 3: In PuTTY, you need to specify which private key you want to use.

  6. Next, still in PuTTY, go back to the option "Session" in the left part of the window and click "Save." This saves the private key setting with the session, so that the key is available the next time you open this PuTTY session as well.

  7. Now you temporarily need to quit the PuTTY window to open a Windows command prompt. From this command prompt, use the command "pscp" (part of the PuTTY package as well) to copy the public key to a temporary file on your Linux server. Create this file in the home directory of the user that is going to use the key; that would be the user root in most cases. In the example below you see how to copy the PuTTY public key to a temporary file with the name tempkey in the home directory of user root on server myserver.example.com:

    pscp pubkey root@myserver.example.com:/root/tempkey

  8. Now establish an SSH session to the server. On the server, use cd to activate the home directory of the user root and use the following command to add the public key to the authorized_keys file in the subdirectory .ssh:

    cat tempkey >> .ssh/authorized_keys

  9. You are now ready. Since SSH on all distributions accepts login based on public/private keys by default, PuTTY will automatically log you in using the key pair the next time that you establish a session with that server.
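
Steps 7 and 8 as a server-side helper, added here as an example and not part of the original article: it refuses the multi-line "Save public key" format that step 3 warns about, appends the key only once, and sets the permissions sshd expects. The function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): safer version of
#   cat tempkey >> .ssh/authorized_keys
# Usage (hypothetical helper): install_pubkey /root/tempkey /root
install_pubkey() {
    keyfile=$1
    home_dir=${2:-$HOME}
    auth="$home_dir/.ssh/authorized_keys"

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # PuTTYgen's "Save public key" writes a multi-line block that starts with
    # this marker; sshd does not accept that format in authorized_keys.
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$keyfile"; then
        echo "$keyfile is in 'Save public key' format; paste the one-line key instead" >&2
        return 2
    fi

    # Notepad may add carriage returns and blank lines: strip them,
    # then require exactly one remaining line.
    key=$(tr -d '\r' < "$keyfile" | sed '/^[[:space:]]*$/d')
    lines=$(printf '%s\n' "$key" | grep -c '')
    [ "$lines" -eq 1 ] || { echo "expected one key line, got $lines" >&2; return 3; }

    # One-line format is "<type> <base64> [comment]"; the base64 blob of an
    # SSH public key always begins with AAAA.
    case $key in
        ssh-*" AAAA"*|ecdsa-*" AAAA"*) ;;
        *) echo "not a one-line OpenSSH public key" >&2; return 3 ;;
    esac

    # With sshd's default StrictModes, key files writable by others are refused.
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Once a key-based login has been confirmed, delete tempkey from the server.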

In this article you have read how to use public/private keys to establish a better secured session between a Windows client and a Linux server. Use it if possible, because using keys is so much more secure than using passwords when establishing a remote session over an untrusted network such as the Internet.

About the author: Sander van Vugt is an author and independent technical trainer, specializing in Linux since 1994. Vugt is also a technical consultant for high-availability (HA) clustering and performance optimization, as well as an expert on SLED 10 administration.
