FutureQuest, Inc.
Knowledgebase: telnet/SSH
Key Authentication with PuTTY
Posted on 09 May 2005 06:37 AM

This guide is based on PuTTY and PuTTYgen release version 0.58, and assumes some knowledge of SSH and of working with files on the server and your computer.

PuTTYgen can be used to generate a key pair which will allow you to log in via SSH using public key authentication.

PuTTY and PuTTYgen can be downloaded from:

Let's get started.

Open PuTTYgen and under Parameters you should see the defaults of SSH-2 RSA and 2048 for number of bits in generated key. These settings are fine, and you can just leave them.


Generate key

Click the "Generate" button and a progress bar will appear. PuTTYgen will ask you to move the mouse around to "generate randomness". Move the mouse in random motions over the blank area while it processes.

When it's finished, you will need to enter some information for your key file. The key comment field is effectively the name of the key: it tells you which key it is. The default key comment takes the form of key type and date. If you have more than one key, you will probably want to name them so you can tell them apart. For example: mysite-rsa-key-20050504

Comment and Passphrase

Your key passphrase, if you choose to use one, is what you will have to type when connecting to the server. (You can use Pageant to do this for you automatically. For a guide on Pageant, visit http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html#pageant. Pageant can also be downloaded from the location referenced above for PuTTY and PuTTYgen.) If you do not wish to use a passphrase, do not type one at this point and the key will be saved unencrypted. Without a passphrase, you or anyone else using the key file can connect to your account automatically, with no passphrase prompt when connecting. To set a passphrase, type it and confirm it where asked. If you use a passphrase, make sure that you DO NOT FORGET IT, as you cannot recover it.

Next, you will need to save your private key file.

Save Private Key

Click "Save private key". The save box will come up and you'll need to select a directory on your computer to save it to and type in a filename for it (be sure to leave the file type as .ppk).

Now you'll need to upload the public key contents to your account on the server.

Public Key Contents

You can do this process using the CNC or via SSH using the Unix shell. Brief instructions for both follow.

Installing the public key using the CNC:
Navigate to your /big/dom/xDOMAIN/USERNAME (replace xDOMAIN with your xdomain and USERNAME with your account username) directory and create a directory within it named .ssh. Set the permissions on the .ssh directory to 700 (see How do I change file permissions? (chmod) if you need help with changing file permissions.)

Within the .ssh directory, create a file named authorized_keys. Copy the entire contents of the box where it says "Public key for pasting into OpenSSH authorized_keys file" (starting at ssh-rsa) and paste them into the authorized_keys file (be sure to copy it exactly as it is and include no leading or trailing spaces or line breaks). Set the permissions on this file to 600 (see How do I change file permissions? (chmod) if you need help with changing file permissions.)

Installing the public key from the Unix shell:
Log in to your account using SSH and while in the $HOME directory (/big/dom/xDOMAIN/USERNAME), do the following:
$ mkdir .ssh
$ echo "paste public key contents here" >> .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ chmod 700 .ssh
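
The shell steps above as one check-and-install routine, added here as an example (it is not FutureQuest's or PuTTY's own code): it rejects a pasted key line that picked up stray spaces or line breaks, appends the key only once, and sets the 700/600 permissions. The function names are hypothetical and the sample key is constructed.

```shell
#!/bin/sh
# Added example: validate a pasted PuTTYgen public key line, then install it
# with the permissions this guide uses (.ssh = 700, authorized_keys = 600).
# All function names are hypothetical; SAMPLE_KEY is constructed, not a real key.

SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructedExampleOnly mysite-rsa-key-20050504'

# valid_pubkey_line KEY: succeed only if KEY is one well-formed ssh-rsa line.
valid_pubkey_line() {
    key=$1
    nl='
'
    cr=$(printf '\r')
    case $key in
        *"$nl"*|*"$cr"*) return 1 ;;   # line break introduced by a wrapped paste
        " "*|*" ")       return 1 ;;   # leading or trailing space
    esac
    # key type, base64 blob, optional comment
    printf '%s\n' "$key" | grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( .+)?$'
}

# install_pubkey SSH_DIR KEY: create SSH_DIR, append KEY once, fix permissions.
install_pubkey() {
    ssh_dir=$1
    new_key=$2
    valid_pubkey_line "$new_key" || { echo "rejected: malformed key line" >&2; return 1; }
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    auth="$ssh_dir/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when this exact line is not already in the file.
    grep -qxF -- "$new_key" "$auth" || printf '%s\n' "$new_key" >> "$auth"
}

# perm_string PATH: print the type/permission column from ls, e.g. drwx------
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Usage on the server, from $HOME:
#   install_pubkey "$HOME/.ssh" "paste public key contents here"
```

If key login still fails after installing the key, compare the output of perm_string for .ssh and authorized_keys against drwx------ and -rw-------.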

Now that you have created your key files and installed your public key on the server, it's time to start up PuTTY.

In PuTTY, under Session, enter your Host Name - this is simply your domain name (no www or http) - ex: example.com

Select SSH for the protocol. (You should now see 22 for the port.)

Under SSH, choose 2 from Preferred SSH Protocol Version. (shown below)

SSH2 Preferred

Under SSH -> Auth in PuTTY, you will need to specify where your private key can be found. Remember this is where you saved the private key on your local computer. Click Browse to locate the file on your computer. (It will be the file with the .ppk extension.)

Private Key Location

If you wish to have your username automatically sent to the server when connecting, under Connection -> Data in PuTTY, you will see a field for "Auto-login username". Type your account username there.

Account Username

Save your settings to be used in future sessions: under Session, type a name (such as "my site") in the Saved Sessions box and click Save.

Save Session

Now, select that session name by clicking on it and click Open.

Open SSH

If you did not set PuTTY to automatically enter your username, you will need to do so when prompted. After the username has been given, if you used a passphrase when creating your key file, you should see a message that says something like:

Authenticating with public key "keyfilename"
Passphrase for key "keyfilename":

Enter your passphrase if prompted. You should now be successfully logged in.

Please note: FutureQuest does not provide direct technical support for the use of third party applications, such as PuTTY. Any questions or support issues should be directed to the product's support department. You are also welcome to ask any questions within the FutureQuest Community forums.