Tuesday 15 April 2008
This is a short note describing how to set up PuTTY ssh access to allow passwordless login between a Windows workstation and a Linux/Unix environment. I seem to keep needing to do this and there's always one or two small bits I forget.
The aim is to be able to double-click a PuTTY shortcut (or saved configuration) and have a terminal pop up without any interaction, i.e. no username/password input necessary.
Additionally, by switching on agent forwarding, any subsequent ssh requests from inside the Unix environment (e.g. onto other hosts) are passwordless and automatically authenticated. Pretty nice.
Generally, if you use PuTTY at all from Windows onto multiple Linux/Unix machines, this is most likely the setup you want and makes working with ssh very smooth and easy.
If you want to dive in and mainly know what you're doing:
1. Run puttygen to generate a key pair. Note: there is a specific format for the public key that needs to be cut and pasted from the puttygen dialog into ~/.ssh/authorized_keys2
2. Open pageant and add your private key. This can be automated via shortcut, e.g. pageant path/to/private/key
3. Open putty and make sure that the following are set:
   - Connection->SSH->Auth has agent forwarding on.
   - Connection has Auto-login username set.
   - Connection->SSH->Auth has the correct location to your private key file.
First, the following are required:
Run puttygen to generate a key pair. This will generate two files that you'll need to save separately: your private and public keys. Keep these somewhere safe, e.g. in My Documents. Protect your key with a passphrase.
Running puttygen will also generate some garbled text in the text box. This is your public key in a form suitable for Unix land, but it needs to be copied into your home directory area. Log in to your Unix account via normal means, then cut and paste this public key text into the file ~/.ssh/authorized_keys2 (append to the end if the file already exists).
Note: the format of this text is different from the public key file puttygen saved in My Documents (although it is the same key). The saved file's format doesn't play nice with the format the Linux/Unix world uses (i.e. within .ssh), which is why puttygen also gives you the nice text for Linux/Unix land too.
Assuming your Linux/Unix home directory is NFS mounted (most are), this public key will be used to automatically authenticate access to any machine that mounts it.
Open up pageant and add your private key. This can be automated by making a shortcut to pageant.exe and changing the options to: pageant path/to/private/key
You'll be prompted to enter your passphrase once. Pageant is an ssh agent that holds your key in memory. Secure tools like ssh and scp will automatically authenticate against it whenever you use them. You need to start up pageant and enter your passphrase once per Windows session, i.e. whenever you log in. The upside is that you won't need to enter your passphrase again for the remainder of that session when using PuTTY, or when using ssh to other Unix hosts from within PuTTY.
There are three main things you need set in PuTTY. Also make sure you type a hostname and save your settings!
- Connection->SSH->Auth has agent forwarding on. This is the magic switch that allows you to ssh to other Unix machines inside PuTTY without being prompted for credentials.
- Connection has Auto-login username set to your Unix account name.
- Connection->SSH->Auth "Private key file for authentication" points to your private key file generated earlier with puttygen. This is the special sauce that allows PuTTY to automatically authenticate you if your key is already loaded in pageant.
If all's gone well you should see a terminal pop up and your shell prompt appear without any request for credentials.
If not, these are some things to check:
authorized_keys2 file in the directory .ssh inside your Unix home directory, i.e. /home/rob/.ssh/authorized_keys2
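As an added example (not part of the original post), the Unix-side key step can be scripted so that the usual mistakes are caught: pasting the multi-line file that puttygen saved instead of the one-line text-box form, a key that was wrapped across lines when pasted, and a .ssh directory that others can access. The helper names key_format and install_pubkey and the sample key are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). key_format and install_pubkey
# are hypothetical helper names; the file name follows the post.

NL='
'

# Classify public key text:
#   openssh - the one-line form shown in the puttygen text box
#   rfc4716 - the multi-line file that puttygen's "Save public key" writes
#   unknown - anything else, including text that was wrapped when pasted
key_format() {
    case "$1" in
        "---- BEGIN SSH2 PUBLIC KEY ----"*) echo rfc4716 ;;
        *"$NL"*) echo unknown ;;
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*)
            echo openssh ;;
        *) echo unknown ;;
    esac
}

# install_pubkey KEYTEXT [HOME_DIR]
# Appends KEYTEXT to HOME_DIR/.ssh/authorized_keys2 exactly once, with
# owner-only permissions, which satisfies sshd's StrictModes check.
install_pubkey() {
    key=$1
    dir=${2:-$HOME}/.ssh
    file=$dir/authorized_keys2
    if [ "$(key_format "$key")" != openssh ]; then
        echo "refusing: not a one-line OpenSSH public key" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$file" || return 1
    chmod 600 "$file" || return 1
    # An existing file without a trailing newline would glue two keys together.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    # Skip the append when this exact line is already present.
    grep -qxF -e "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Constructed sample (not a real key), installed into a throwaway directory.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAABJQ rsa-key-constructed'
DEMO_HOME=$(mktemp -d)
install_pubkey "$SAMPLE_KEY" "$DEMO_HOME" && cat "$DEMO_HOME/.ssh/authorized_keys2"
rm -rf "$DEMO_HOME"
```

On a real account, call install_pubkey with the text copied from the puttygen text box as its single quoted argument; the second argument defaults to $HOME.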