Key-based authentication in ssh has several advantages. First, it is convenient: you can have several servers and one key, and you do not have to enter the password for the server you need each time, which saves time. Second, it is safe: you can disable password authentication, and ssh will be protected from brute force.
In this article we will look at working with PuTTY on Windows. It comes with a handy utility, Pageant (the PuTTY agent, pageant.exe), which can start automatically when the OS starts and keep the private key in memory. It can be used not only with PuTTY but also with FileZilla.
Download the PuTTY distribution to your computer and install it.
The content of the article:
- Generating public and private keys
- Install the public key on the server
- Setting up the putty agent and adding to autoload
- Verification of authentication by key
Generating public and private keys
For authentication, you need a pair of keys: public and private. The first key can be uploaded to any server to which you need access. The second key should be protected and not given to anyone. It is advisable to protect it with a password.
Generate a pair of keys using the PuTTYgen utility. Run it and leave the default settings: key type SSH-2 RSA, length 2048 bits.
Click the Generate button and move the mouse until the key is ready.
After a couple of moments, the keys will be created. Copy the contents of the “Public key for pasting into OpenSSH authorized_keys file:” window and save it on the desktop in a text document mypublickey.txt. This is your public key in the OpenSSH format.
Create a good password to protect your private key and enter it in the Key Passphrase and Confirm Passphrase fields. If someone obtains your key, they will not be able to use it, because they will not know the password.
If you do not consider this necessary, the password can be omitted. In that case the private key will be less well protected.
After that, click the Save private key button and specify where to save the key.
Install the public key on the server
Log in to the server as the desired user. In that user's home folder, create a .ssh directory.
# mkdir ~/.ssh; chmod 0700 ~/.ssh
Then in this folder you will need to create a file to store the authorization keys - authorized_keys:
# touch ~/.ssh/authorized_keys; chmod 0600 ~/.ssh/authorized_keys
Remember the public key saved on your desktop? Open the text file in which we saved it and copy the key completely.
After that, on the server, open the authorized_keys file using your favorite editor (nano, for example) and paste the copied public key. Save the file.
The same actions can be done with an sftp client. FileZilla copes with the task perfectly: create the specified folder and file, edit it, and so on.
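The server-side steps above as one repeatable script, as an added example that is not part of the original article; the function name install_pubkey and its two arguments are assumptions made here. It also refuses input that is not a single OpenSSH public key line, which is the usual reason a pasted key is silently ignored.

```shell
#!/bin/sh
# Added example (not from the article): install one public key for an account.
# Usage on the server: install_pubkey "$HOME" mypublickey.txt
install_pubkey() {
    home_dir=$1          # home directory of the account (hypothetical argument)
    key_file=$2          # file holding the line copied from PuTTYgen
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 1; }

    # The file was written on Windows: drop carriage returns and blank lines.
    key=$(tr -d '\r' < "$key_file" | sed '/^[[:space:]]*$/d')

    # authorized_keys holds one key per line. PuTTYgen's "Save public key"
    # button writes a multi-line "---- BEGIN SSH2 PUBLIC KEY ----" file,
    # which does not work in authorized_keys, so refuse multi-line input.
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "expected exactly one key line" >&2; return 2
    fi
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # Same permissions as the manual steps. With sshd's default StrictModes,
    # keys are ignored if these paths are writable by other users.
    mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1

    # Key already present: nothing to do, so the script can be re-run safely.
    grep -qxF -e "$key" "$auth" && return 0

    # If an editor left the last line without a newline, add one first so
    # the new key does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```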
Once the public key is stored on the server, it's time to set up Pageant, the PuTTY agent.
Setting up the putty agent and adding to autoload
Authentication can also be done by PuTTY alone, if the private key is specified in the corresponding settings field. However, this is inconvenient if you also need to use an sftp client. In that case it is better to load the key with Pageant: we run Pageant once and have access whenever we want. Need to change the key? Not a problem: we change it only in the agent and nowhere else. And in order not to start the agent manually each time, make it start when Windows starts. :)
To add Pageant to startup, create a shortcut to pageant.exe. In the shortcut's properties, in the “Target” field (“Object” in the original), add the path to each key after the path to pageant.exe, separated by spaces.
"C:\Program Files\PuTTY\pageant.exe" S:\folder\key.ppk S:\folder\key2.ppk
The created shortcut needs to be copied to the startup folder. To do this, open the Start menu, select All Programs, right-click on the Startup folder, and click the “Open” item in the context menu.
Move or copy the Pageant shortcut to this folder. As a result, the shortcut should appear in the Startup section of the Start menu.
Reboot the computer. If everything has been done correctly, the Pageant icon will be displayed in the taskbar; double-clicking it opens the main application window with the loaded keys.
Please note that if your key is password-protected, the password will need to be entered in the agent immediately after you log in to Windows. The password is requested only once after startup and stays valid until you log out.
Verification of authentication by key
It only remains to verify that ssh authentication by key works. Run PuTTY and connect to your favorite server.
Successful authentication result:
Authenticating with public key "something" from agent
If something is configured incorrectly, an error message will be displayed and you will be asked to type in the password. :)