Setting up OpenSSH\Putty and key based authentication

I wrote this back in 2005 on my old blog (since deleted). As I was setting this up again tonight, I’ve re-posted this as it’s a useful reference. 

Sick of trying to remember root passwords for my *nix boxes, I’ve finally got round to configuring key based authentication using OpenSSH and Putty. This is a quick description of the setup and configuration that is required to get this going. There are some useful links at the end for background and understanding.

Download putty.exe, pageant and puttygen. Next, fire up puttygen and create an ssh key-pair (private to keep on the workstation, public to dole out to the hosts you’ll be authenticating to). Generate lots of lovely entropy by waggling the mouse furiously and pick a decent pass-phrase.

Save your newly created public and private keys on the workstation that you’ll be making connections from.

Next up, copy the public key text from the ‘puttygen’ window and connect over SSH to the host you want to configure. Log in as the user you want to key authenticate and paste the public key text into ~/.ssh/authorized_keys. Save the file, then run “chmod 700 ~/.ssh” and “chmod 600 ~/.ssh/authorized_keys”. Note that this process can be automated somewhat using Plink and cat.

Note that it is important that the text be in the format shown in the puttygen window. I always forget this and spend ages fannying around trying to figure out the right format for authorized_keys. If you just load your keys into the puttygen application, it will provide the appropriate key-text for you (just hit the ‘load’ button and select your private key).
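The format check and the permission steps above, as an added Python example (not part of the original post). It assumes the file written by puttygen's "Save public key" button is the multi-line RFC 4716 block; the function names and the sample key are constructed for illustration, and authorized_keys option prefixes are not handled.

```python
import base64, os, struct

def to_authorized_keys_line(text):
    """Normalise a pasted public key to the one-line authorized_keys form."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    claimed, comment = None, ""
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        # Multi-line RFC 4716 block (assumed output of "Save public key").
        body = []
        for l in lines[1:]:
            if l.startswith("---- END"):
                break
            if l.lower().startswith("comment:"):
                comment = l.split(":", 1)[1].strip().strip('"')
            elif ":" not in l:          # skip other headers, keep base64 rows
                body.append(l)
        blob_b64 = "".join(body)
    elif len(lines) == 1 and len(lines[0].split()) >= 2:
        # Already one line: "<type> <base64> [comment]"
        claimed, blob_b64, *rest = lines[0].split(None, 2)
        comment = rest[0] if rest else ""
    else:
        raise ValueError("not a one-line key or RFC 4716 block (wrapped paste?)")
    blob = base64.b64decode(blob_b64, validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or len(blob) < 4 + n:
        raise ValueError("malformed key blob")
    key_type = blob[4:4 + n].decode("ascii")   # type is stored inside the blob
    if claimed not in (None, key_type):
        raise ValueError("key type prefix does not match the key blob")
    return " ".join(p for p in (key_type, blob_b64, comment) if p)

def install_key(line, home):
    """Append the key once and enforce the 700/600 modes from the steps above."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = open(path).read().splitlines() if os.path.exists(path) else []
    if line not in existing:
        with open(path, "a") as f:
            f.write(line + "\n")
    os.chmod(path, 0o600)
    return path

# Constructed sample (not a usable key): type "ssh-rsa" plus 16 zero bytes.
SAMPLE_B64 = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + bytes(16)).decode()
SAMPLE_SAVED = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-sample"\n'
                f"{SAMPLE_B64[:20]}\n{SAMPLE_B64[20:]}\n---- END SSH2 PUBLIC KEY ----\n")
```

On a host with OpenSSH installed, “ssh-keygen -i -f” on the saved file performs the same conversion.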

Before logging out, check that /etc/ssh/sshd_config has the following lines uncommented:

PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

If not, make the change and reload the sshd config.

Back on the Windows box, run pageant.exe with the path to your private key as an argument. Pageant will prompt you for your pass-phrase (stick this command in your startup directory to make life easier).

Now, when Putty is run, it will detect the presence of Pageant and attempt to authenticate using the key you’ve provided. Bear in mind that if you’ve not configured a host correctly, login will fail silently. Thus, it’s worth checking the ‘Attempt “keyboard-interactive” (SSH2)’ in the ‘Auth’ section of putty’s options so that you’ll get a password prompt if key authentication fails.

Now just look after your private key and pass-phrase and all will be well with the world.

The following are pretty useful to get you up and running: