Thursday, July 29, 2010

Generating ssh keys in PuTTY

I had to fire up Windows today to explain to someone how to generate ssh keys (for use with PuTTY).  I figured since I went to all that trouble, I should share...

Note: The Linux version of puttygen is all command-line, so these instructions will only work with the Windows version.


When you first run puttygen, the default (along the bottom) should be to create a key type "SSH-2 RSA". If not, select that. 1024 bits is fine (box at the very bottom right), which should be the default.


Now, hit "Generate". It will ask you to move the mouse around a bit to generate some randomness. When that is done, it will generate the key. Put your email address in the "Key comment" field. Then select the key in the box at the top (under "Public key for pasting into OpenSSH authorized_keys file:"), copy it, and paste it into the .ssh/authorized_keys file on the system you want to be able to log in to with that key.


Fill in the box next to "Key passphrase" with something long that you'll remember. (It's fine to use a full sentence or something. Remember, it's a passphrase, not a password.) Enter the passphrase again in the "Confirm passphrase" box.


Next hit the "Save public key" button and save that half to a file with "public" in the file name. Then hit the "Save private key" button and save that half to a file with "private" in the file name.


In PuTTY, in the configuration dialog, expand "Connection" in the left pane (if it isn't already), then expand "SSH". Click on "Auth". Next to the box that says "Private key file for authentication", hit "Browse" and select the "private" file you just saved. Be sure to save your settings so you don't have to feed this in every time. (Click on "Session" at the top of the left pane, then under "Saved Sessions" click on "Default Settings" and hit "Save".)


Now when you try to log in to the system you previously dropped your public key on, you should be prompted for the passphrase for your key rather than the password for your account on the system.
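
The server-side half of the paste step above, as an added example that is not part of the original post: a shell function that checks the one-line key copied from the puttygen box and appends it to .ssh/authorized_keys with owner-only permissions. The function name install_pubkey and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey 'ssh-rsa AAAA... you@example.com' [home_dir]
# The body runs in a subshell ( ... ) so the umask change stays local.
install_pubkey() (
    key_line=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # authorized_keys holds one key per line. The file written by
    # "Save public key" is a multi-line block and must not be pasted here.
    case $key_line in
        *"$nl"*) echo "expected the one-line key from the puttygen box" >&2; exit 2 ;;
    esac

    # Expected shape: <type> <base64-blob> [comment]
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unrecognised key type: $key_type" >&2; exit 2 ;;
    esac
    case $key_blob in
        ""|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; exit 2 ;;
    esac

    # sshd (with its default StrictModes) ignores keys in files that
    # other users can write to, so keep both private to the owner.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Append only if this key blob is not already listed.
    grep -qF -- "$key_blob" "$auth_file" && exit 0
    printf '%s\n' "$key_line" >> "$auth_file"
)
```

Run it on the system you want to log in to, passing the pasted key in single quotes; it exits with status 2 when the input is not a single OpenSSH-format key line.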

If I may add a little editorializing here, I do have to point out that this is all much easier with ssh-keygen on Linux.  And, IMHO, if you're doing Linux administration from a Windows PC, you're doing it wrong.  But that's just me.  :-)