Setting Up SSH Keys on Windows to Connect with Linux Machines
April 15, 2014 10:36 pm
This article is part of my back to basic series. Before you think that this topic is not basic at all, I will say that it still belongs in the basic category, in the sense that this is knowledge every developer should have, especially if he/she develops on a Windows machine. The information in this post will greatly complement the article about setting up batch file upload from Windows to Linux machine.
Connecting from a Windows machine to a Linux machine via SSH is probably one of the safest and most convenient methods around. Unfortunately, the setup process is not very straightforward.
Software Requirement
Let us start with the single piece of software that we need to install on our Windows machine: PuTTY. Quite simply, this is the de facto application for creating connections and logging into Linux machines via SSH from most Windows machines.
To download, go to: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
I recommend downloading the Windows installer, which includes the full suite of PuTTY applications. Here’s the direct link for your convenience: http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.63-installer.exe.
Download and install the software. When done, move on to the next step below.
Test the Connection to the Linux Machine
The first thing to do is to test the connection from your Windows machine to the Linux machine. There’s no point setting up an SSH key if a basic SSH connection does not even work.
For this article, the Linux machine’s IP is 192.168.0.19. Of course, this is going to be different for the real server that you want to connect to.
So first start PuTTY from the start menu:
This should be pretty straightforward, just Start -> PuTTY -> PuTTY.
After this, you will be presented with the PuTTY main window. Simply enter your server address in the address box and press Open. In the screenshot below I’m using my test server’s IP, which is 192.168.0.19.
Upon pressing open, if this is the first time you are connecting to the server (if you are reading this, chances are that this is your first time), you will be presented with a nice security alert.
Slightly discomforting, but this is a pretty normal warning when you are connecting to a foreign server. If you are sure that this is indeed your server (you should really know this anyway), then press Yes. PuTTY will then save the fingerprint to its cache, so you won’t be asked a second time.
As soon as you press Yes you will be presented with a login window. Simply enter your server login information and you will be authenticated into the server.
This is a good test of whether you are able to log in properly. Now exit the server for the time being, as we don’t need it open; we have just verified that we are able to log in to the designated server from a Windows machine via PuTTY.
Creating the SSH Key
The second step towards our goal of connecting to a Linux server via SSH is creating the SSH key itself on the Windows machine. In order to do this we will use the software that came with the PuTTY installer: PuTTYgen.
This software is an SSH key generator for Windows. Simply start the software and you will be presented with the application screen. Make sure that the appropriate key type is selected; in most cases SSH-2 RSA would be just fine.
Click on Generate and move your mouse around in the blank area; this is what generates the random key itself. Once done, you will see the public key in the main display box. Don’t worry about copying and pasting the key for now, just click on Save public key and Save private key. I normally save the public and private key under a folder owned by my Windows user login, such as the Documents folder. This is just to add a bit more security, as the public and private key is like a house key. In addition to this, you can also set a key passphrase for added security.
Save the public key as my_key.pub and the private key as my_key.ppk. PuTTY allows you to use any file name when saving the keys, but it’s best to use these extensions so that you can easily tell which key is private and which is public.
This ends the section on creating the public and private key.
Install Your Public Key in the Destination Server
Our next step is to install the public key that you have just created in the destination server’s authorized keys list.
Again, start PuTTY and enter the server details, including the user login (in my case it’s codingepiphany). This time press Save as well, so that we can save our customisations later on.
After pressing Save, just click on Open like before and enter the server credentials. You will be presented with the remote terminal; keep this one open for now and leave it alone.
Now we need to add the public key to the server. If you still have the PuTTYgen window open, just copy the public key (Ctrl-C) from the box; otherwise just open the public key file that you saved before and copy the content. Make sure you don’t add any whitespace before or after it.
Let’s go back to the terminal. We need to add the public key in our clipboard to the authorized_keys file on the server. So on the server use the following commands:
    cd
    cd .ssh
This ensures you are in your home directory, and then attempts to enter the .ssh directory. If the .ssh directory does not exist, just create it and enter it.
    mkdir .ssh
    cd .ssh
Then use vi, or any editor of your choice such as nano, to open or create the authorized_keys file.
    vi authorized_keys
When the file is open, paste the contents of your clipboard into the file. Don’t forget to enter edit mode when using vi (here’s a basic cheatsheet). To paste the content of the clipboard, simply right-click in the terminal window and the content will be pasted in.
When you are done pasting the public key, save the file and exit the editor.
Adjust the permissions.
The test server that I’m using is an Ubuntu server. In my case, in order for the authorized keys to work, specific permissions must be set up for the .ssh directory and the authorized_keys file. The details of the permissions can be found here. Here are the permission modification commands anyway:
    cd
    chmod 700 .ssh/
    chmod 600 .ssh/authorized_keys
You have just added your first public key to the Linux server for your user account.
Logging in with the Private Key using Pageant
Now, this is the fun last part. Also included with your PuTTY installer package is the PuTTY Agent, also known as Pageant. This is an agent that keeps you authenticated with the server, and it is very simple to use.
Simply start Pageant from the start menu and you will see that the software is running in your system tray.
Right-click its icon and select View Keys in order to see the list of keys. Then click on Add Key and select the key file that you created before. Make sure you select the private key. In general Pageant will filter the files for you so that you can only see the private keys anyway.
If you entered a passphrase in the step where you created the keys, you will be asked to enter the passphrase. You’ll only be asked once, which is why it’s handy to have the PuTTY agent run by default on Windows startup.
When you have successfully added the key to the key list, just press Close and leave Pageant running.
Lastly, to test that your keys are all set up and working, open PuTTY again and load your previously saved session, then click on Open. You won’t be asked for any password at all; you are authenticated straight away into your designated server.
Other Usages of the Private Key
Although Pageant is a very handy application, sometimes we want to use the private keys directly, as is the case in my batch script Windows to Linux article. If you have followed the steps in this article (excluding the Pageant part), you should be fine logging in to the server by specifying the private key to use directly. Note that WinSCP does not support passing on a passphrase at the time of this writing, so the private key that you use must be generated without a passphrase; take care to protect the private key files.
Closing
I hope this article helps those out there who have just started connecting to Linux machines from a Windows machine, or any of you who just want to refresh your knowledge. Don’t forget about the Heartbleed problem too; take care and keep your OpenSSH server updated. Have fun!