9/01/2009

How to use PuTTY with keys for SSH authentication

Note: This is a repost of an old website page. It has just been moved it here as a blog.


PuTTY is a windows telnet and SSH client implementations. It's free and widely used.For more details you can visit the official site at http://www.chiark.greenend.org.uk/~sgtatham/putty/index.html. The instruction below provide details on the installation and configuration of PuTTY for authentication using keys.

Locate the latest stable version of the PuTTY SSH client and install it on the client machine. At the time of this document, the latest stable version was version 0.58. The PuTTY client can be downloaded from its homepage located at http://www.chiark.greenend.org.uk/~sgtatham/putty/

The primary files required are PuTTY (putty.exe) the actual TELNET and SSH client and and PuTTYgen (puttygen.exe) the DSA and RSA key generation and import utility. You may choose to use the PuTTYgen utility to generate the key pair for you, or if you are using Linux then you may generate the OpenSSH keys. These OpenSSH keys may be imported and used with PuTTY without too much problem. You may choose to generate DSA or RSA keys. RSA keys may be used with SSH versions 1 and 2, but DSA key may only be used with version 2. As far as I can tell, other than the algorithms used the only other performance difference between DSA and RSA is that RSA is slightly faster than DSA.


  1. If you were using OpenSSH to generate an RSA key pair on a Linux box
    • /usr/bin/ssh-keygen -t rsa
    • Then enter the location and name of the file to store the keys
    • Then enter the pass phrase to use and confirm it. Note that pass phrases cannot be recovered and the keys will have to be re-generated.
    • Finally note the fingerprint for future reference and secure the private key files.
  2. PuTTY only accepts PuTTY Private Key Files (*.PPK), so there is a need to convert the OpenSSH keys to PuTTY Keys. This is done using PuTTYgen
    • Start PuTTYgen
    • Select the Conversions menu
    • Select the Import keys menu item
    • Select the private key that was generated in the ealier step and specify the pass phrase that was used (if any)
    • Then save the converted private key file as a PPK file.
  3. The public keys generated will have to be saved into the ".ssh" directory within their home directories. The keys would also have to be appended to the authorized_keys or authorized_keys2 file.


Now PuTTY sessions may be started as normal and users specify the login name to use. There should be no need to enter a password to authenticate. However if you are not using PuTTY Authentication Agent, then you may be required to specify the pass phrase that was used to create the keys

References:
  1. http://www.chiark.greenend.org.uk/~sgtatham/putty/