72A

November 26, 2011

Setting up OpenSSH\Putty and key based authentication

Filed under: IT — Matt Povey @ 18:31

I wrote this back in 2005 on my old blog (since deleted). As I was setting this up again tonight, I’ve re-posted this as it’s a useful reference. Text in blue has been added for the re-post.

Sick of trying to remember root passwords for my *nix boxes, I’ve finally got round to configuring key based authentication using OpenSSH and Putty. This is a quick description of the setup and configuration that is required to get this going. There are some useful links at the end for background and understanding.

Download putty.exe, pageant and puttygen. Next, fire up puttygen and create an ssh key-pair (private to keep on the workstation, public to dole out to the hosts you’ll be authenticating to). Generate lots of lovely entropy by waggling the mouse furiously and pick a decent pass-phrase. One recommendation is to create a nonsense phrase of five or more words: something you can remember but that won’t be found in any books. That will be pretty strong, and if you then add a few character replacements, you’ll have a very strong pass-phrase.

Save your newly created public and private keys on the workstation that you’ll be making connections from.

Next up, copy the public key text from the ‘puttygen’ window and open up an SSH connection to one of the hosts you want to configure. Log in as the user you want to key-authenticate and paste the public key text into ~/.ssh/authorized_keys. Save the file and log out. Note that this process can be automated somewhat using Plink and cat. If you’ve got a lot of servers to add the key to, it would be trivial to knock up a batch file using Excel and the concatenate function.

Note that it is important that the text be in the format shown in the puttygen window. I always forget this and spend ages fannying around trying to figure out the right format for authorized_keys. If you just load your keys into the puttygen application, it will provide the appropriate key-text for you (just hit the ‘load’ button and select your private key).
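The host-side step above, as an added shell example (not part of the original post): it rejects key text that is not in the one-line format shown in the puttygen window, sets the permissions sshd expects, and appends the key only once. The function name, the optional directory argument and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Usage: install_pubkey KEYTEXT [SSH_DIR]
# SSH_DIR is a hypothetical parameter (default ~/.ssh) so the function can be
# tried against a scratch directory first.
# Returns 0 if the key is installed or already present, 2 on a format error.

# Constructed sample, not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCsampleONLY0123456789+/abc== rsa-key-20111126'

install_pubkey() {
    key=$1
    dir=${2:-"$HOME/.ssh"}
    file="$dir/authorized_keys"

    case $key in
        *"BEGIN SSH2 PUBLIC KEY"*)
            # The multi-line file puttygen saves; authorized_keys needs one line.
            echo "SSH2 multi-line format; copy the text from the puttygen window" >&2
            return 2 ;;
        *"
"*)         # A key wrapped by the terminal or editor no longer matches.
            echo "key must be on a single line" >&2
            return 2 ;;
    esac

    # Expected layout: <type> <base64 blob> [comment]
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unknown key type: $ktype" >&2; return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default), group- or world-writable paths make
    # sshd skip the key, so key login fails without an obvious error.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Already installed? Compare on the key blob, not the comment.
    grep -qF -- "$blob" "$file" && return 0

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf '%s\n' "$key" >> "$file"
}
```

If all you have is the saved multi-line public key file, `ssh-keygen -i -f <file>` on the host converts it to the one-line form.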

Back on the Windows box, run pageant.exe with the path to your private key as an argument. Pageant will prompt you for your pass-phrase (stick this command in your startup directory to make life easier).

Now, when Putty is run, it will detect the presence of Pageant and attempt to authenticate using the key you’ve provided. Bear in mind that if you’ve not configured a host correctly, login will fail silently. Thus, it’s worth checking the ‘Attempt "keyboard-interactive" (SSH2)’ in the ‘Auth’ section of putty’s options so that you’ll get a password prompt if key authentication fails.

Now just look after your private key and pass-phrase and all will be well with the world.

The following are pretty useful to get you up and running :
