Using PuTTY under Windows
From BNL Physics Computing
Contents |
A common ssh client used with the Windows operating system is PuTTY available from the PuTTY home page. This implementation provides all common elements of the ssh tools including a key generation program (PuTTYgen) and an ssh agent (Pageant).
Using PuTTY
Generating keys with PuTTYgen
To generate a public and private key pair for use with PuTTY, start the PuTTYgen program. You should see the following:
The default is to create an RSA key pair with 1024 bits. Click on the "Generate" button and then move the mouse around in the window to generat entropy for the keys. When the operation is completed, the application should look something like the following:
You can change the "Key comment:" field to something more meaningful, but you should definitely enter a passphrase in the "Key passphrase:" and "Confirm passphrase:" boxes. Once you have entered your passphrase, you need to save the public and private keys by pressing the "Save public key" and "Save private key" buttons, respectively. Private keys generated with PuTTYgen have the file extension .ppk. By default, the key files will be saved in the directory one up from your "My Documents" directory.
If you are installing a public key generated by PuTTY onto a unix/linux gateway you must convert the key to OpenSSH format. On unix/linux you can do this like:
ssh-keygen -i -f my-public-putty-key > my-public-openssh-key
You can then add this OpenSSH key to your .ssh/authorized_keys file. If you need to rely on your system administrator to install the key they should be able to do this conversion for you.
Using an existing key pair with PuTTY
If you want to use an ssh key pair generated on another machine, you need to copy them, in a secure manner from the machine on which you generated tehm to your Windows machine. If the keys were not generated with PuTTYgen, then you must use PuTTYgen to convert the private key into the .ppk format. To do this you should open PuTTYgen and select the "Conversions" menu option.
The only option in the submenu should be "Import key" and you should select that option. In the resulting file dialog box, select the private keyfile that you want to convert. When you click on the "Open" button, you should be prompted for the passphrase of the private key you are importing. Once you type in the passphrase and click on "OK", you should see something like the following:
The box should contain the public key corresponding to the private key you just imported. You can change the "Key comment:" field to something more meaningful and you can change the passphrase if you want. You should then save the converted key with the "Save private key" button.
Using the PuTTY ssh agent (Pageant)
To use the ssh agent that comes with the PuTTY package, you just have to start Pageant from the PuTTY menu. Starting the agent will put an icon of a computer terminal with a hat on it 
in the system tray. To load a key into the agent, right click on the Pageant icon and click on "Add Key". A file dialog will come up and you should open the private key file you want ot load. You will be prompted for the key's passphrase.
If you want the agent to start automatically and load your private key when you atart windows, then simply add the .ppk file to your "Startup" folder in your "Start" memu (this assumes that you intalled the PuTTY programs using the Windows installer method so that the association between the .ppk extension and the Pageant program was made). If you want to add more than one key at startup, then put something like the following in your "Startup" folder.
C:\Program Files\PuTTY\pageant.exe <keyfile> <keyfile>Where <keyfile> is replaced with the path to the keyfiles you want to load. If you do this, then when you start up your machine a dialog box asking for the passphrase for the private keyfile(s) you put in the Startup folder will popup. After entering the passphrase, the Pageant icon should appear in the system tray and it should contain your private key.
Once the agent is running and your key or keys have been loaded into it, PuTTY will attempt to use it each time you login to a remote machine. If your public key has been put in the ~/.ssh/authorized_keys file on the remote machine, then you will be logged into the remote machine without having to type your password.
You can also invoke PuTTY from Pageant by right clicking on the agent icon in the systray and selecting one of your saved sessions from the "Saved Sessions" submenu, or selecting a new session with the "New Session" menu item.
Forwarding the agent
The ssh agent can be used in subsequent logins if you forward the agent to each machine in the chain. To have PuTTY forward the agent, check the "Allow agent forwarding" box in the Auth configuration page (see figure).
Be sure to save the session configuration.
