Contents. PuTTYgen download and install PuTTYgen is normally installed as part of the normal PuTTY.msi package installation. There is no need for a separate PuTTYgen download. For detailed installation instructions, see. Running PuTTYgen Go to Windows Start menu → All Programs → PuTTY→ PuTTYgen. Creating a new key pair for authentication To create a new key pair, select the type of key to generate from the bottom of the screen (using SSH-2 RSA with 2048 bit key size is good for most people; another good well-known alternative is ECDSA).
How to connect to an SSH server from Windows using PuTTY. Mar 12, 2013 • Scott Granneman. I had to write these instructions up for an intern at WebSanity who uses Windows. We need him to SSH (& SFTP) to our Linux server & we only allow access via keys. On a Mac OS X or Linux box, this is a pretty easy process, as I’ll detail soon. Connect to a server by using SSH on Linux or Mac OS X. PuTTY on Windows gives you the option to replace the saved host key. After you have added the public.
Then click Generate, and start moving the mouse within the Window. Putty uses mouse movements to collect randomness. The exact way you are going to move your mouse cannot be predicted by an external attacker.
You may need to move the mouse for some time, depending on the size of your key. As you move it, the green progress bar should advance. Once the progress bar becomes full, the actual key generation computation takes place. This may take from several seconds to several minutes. When complete, the public key should appear in the Window. You can now specify a for the key. You should save at least the private key by clicking Save private key.
It may be advisable to also save the public key, though it can be later regenerated by loading the private key (by clicking Load). We strongly recommended using a passphrase be for private key files intended for interactive use. If keys are needed for automation (e.g., with, then they may be left without a passphrase.
Installing the public key as an authorized key on a server With both and servers, access to an account is granted by adding the public key to a file on the server. To install the public key, Log into the server, edit the authorizedkeys file with your favorite editor, and cut-and-paste the public key output by the above command to the authorizedkeys file. Save the file. Configure PuTTY to use your private key file (here keyfile.ppk).
Then test if login works. Managing SSH keys In larger organizations, the number of SSH keys on servers and clients can easily grow to tens of thousands, in some cases to millions of keys. In large quantities, SSH keys can become a massive security risk and they can violate compliance requirements. In the worst case, they could be used to. The can manage PuTTY keys in addition to OpenSSH and Tectia keys.
It works with legacy keys on traditional servers as well as dynamic and keyless elastic environments in the cloud. Any larger organization should ensure they have proper provisioning and termination processes for SSH keys as part of their Identify and Access Management (IAM) practice. Changing the passphase of a key It is recommended that all SSH keys be regenerated and changed periodically. The Universal SSH Key Manager can automate this. Just changing the passphrase is no substitute, but it is better than nothing. These instructions can also be used to add a passphrase to a key that was created without one. To change the passphrase, click on Load to load an existing key, then enter a new passphrase, and click Save private key to save the private key with the new passphrase.
Be sure to properly destroy and wipe the old key file. Creating a new file with a new passphrase will not help if the old file remains available. Videos illustrating use of PuTTYgen Using PuTTYgen to generate an SSH key.
Table of Contents. Install PuTTY Go to (you can find this page by ) & download the EXE installer under A Windows installer for everything except PuTTYtel. Double-click on the EXE & install it. Generate the SSH key You’re going to generate SSH keys that work on Windows & UNIX (Linux & Mac OS X). If you’re using Windows only, you certainly don’t need to generate the UNIX keys. But who knows—one day you might get a real operating system (that’s the UNIX bias in me speaking out), & it would be nice to have your SSH keys for UNIX already made. You’re going to need to store the keys somewhere.
I would not recommend using the PuTTY folder in Program Files, as you will forget about it & fail to back it up. Instead, create a folder called SSH Keys (in Documents, for instance) on your hard drive & use that. Or you can use Dropbox or even Microsoft SkyDrive. Just make sure you keep those keys safe & backed up! Create Windows SSH keys Go to Start PuTTY PuTTYgen.
The PuTTY Key Generator opens. Leave the defaults alone & press Generate. Move your mouse rapidly over the blank area of the window to create random date it can use to create the key.
Press Save Public Key. When asked where you want to save the file, navigate to the SSH Keys folder you created earlier. For File Name, just enter public.
Press Save Private Key. When asked “Are you sure you want to save this key without a passphrase to protect it?”, press Yes. When asked where you want to save the file, navigate to the SSH Keys folder you created earlier.
For File Name, just enter private. You have now created the SSH keys that will work on Windows with PuTTY.
Create UNIX SSH keys Select Conversions Export OpenSSH Key. When asked “Are you sure you want to save this key without a passphrase to protect it?”, press Yes. When asked where you want to save the file, navigate to the SSH Keys folder you created earlier. For File Name, enter idrsa.
Make sure that Windows or your text editor didn’t add an extension onto the end. To save the public key, select the text in the box under “Public key for pasting into OpenSSH authorizedkeys file” & copy it. It should look something like this: ssh-rsa AAAAB3NzaC1yc2EAATUDNWEIOKZAixw8LANsVbPCnE7OT4OFwC37AQr7kjP6gOoONc/duxnP0iPf+jZM7vRS/vTkq8kUnDoTvHRxI6slCj8HWWu+Z+jSukggf48DpZ+Ty9Wn7wceDhdYcrWT1UAoPKBwQit/h3vPx777hsaTKCYsjkpeCozPgf6JitABCDEFGekNU= rsa-key-20630316 Paste it into a text editor like or (NOT Notepad or Word!) & save. When asked where you want to save the file, navigate to the SSH Keys folder you created earlier. For File Name, enter idrsa.pub. Look in the SSH Keys folder to make sure that Windows or your text editor didn’t add another extension onto the end, like.txt or.htm or something like that.
Configure PuTTY Open PuTTY. Select the Session category. For Host Name, enter foobar.com (or whatever your SSH server’s host name is). Select the Data category. For Auto-Login Username, enter admin (or whatever SSH username you’re using).
Select the Connection category SSH Auth. For Private Key For Authentication, choose private.ppk.
Go back to the Session category. For Saved Sessions, enter FooBar (or whatever descriptive text you’d like) & press Save. Log in with PuTTY Open PuTTY. Select the Session category (it’s the default). Select the FooBar saved session, press Load, & then press Open. The very first time you connect to your SSH server, you will see a PuTTY Security Alert that says “The server’s host key is not cached ”.
Press Yes & you’ll never see that again. You should now be logged into your SSH server. Start issuing commands.
Because a decent, free SSH client on Windows is like. In the UNIX world, there are a plethora of great, free SSH clients (we call them terminals, he said snarkily), but when it comes to Windows, you have a bunch of and PuTTY (if you loathe PuTTY—& believe me, I understand— has some good options). And no, is overkill.
Why no passphrase? Well, convenience, really. In, I explained it this way: Some of you are wondering about the security of this trick.
No passwords? Freely exchanging keys? It’s true, but think about it for a moment. True, if someone gets on pound, he can now connect to eliot without a password. But that simply means that you need to practice good security on pound. If pound is compromised, you have enormous problems whether or not the attacker realizes that he can also get to eliot.
On top of that, you shoot passwords around the Internet all the time. If an attacker acquires your password, he can do major damage as well. Isn’t your private key as important as a password? And aren’t you going to back it up and safeguard it? When you think about it in those terms, exchanging keys via ssh is at least as secure as passwords, and in most ways much more secure. That said, if you’d rather use passwords, then you’ll probably want to use so you’re not constantly forced to keep entering your password when you use your SSH keys. Of course, you need to be able to see the extensions on your files in the first place, something that Windows hides by default (Mac OS X does too, & it’s just as stupid for Apple as it is for Microsoft).
I’ve written instructions detailing that have proven quite popular over the years. This is one poorly-designed GUI. Really, I have to jump around three different screens to enter info that should be on one?