Difference between revisions of "Create SSH Keys Using Putty"

From UFRC
 
(22 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{cleanup}}
+
{|align=right
An SSH key set-up can be divided into 4 steps:
+
  |__TOC__
 
+
  |}
*Prerequisite software
+
These steps are handled in a slightly different ways on each operating system. Separate instructions for Microsoft Windows OS variants are listed below.
*Generating your keys
+
__NOTOC__
*Enabling Key Access to HPG
 
*Using Pageant to create persistent key sessions
 
 
 
Each of these are handled in a slightly different ways on each operating system. Separate instructions for Microsoft Windows OS variants are listed below.
 
 
 
 
==Prerequisite software==
 
==Prerequisite software==
  
Here is a list of the software you will need installed on your local machine to start using key-based authentication.
+
Here is a list of the software you will need to be installed on your local machine to start using key-based authentication.
  
* An SSH client (PuTTY, MobaXterm etc)
+
* An SSH client ([https://www.putty.org/ Putty], [https://tabby.sh/ Tabby], etc.)
 
* The Windows Putty Agent (pagent.exe)
 
* The Windows Putty Agent (pagent.exe)
* The command line interface (plink.exe)
+
* The command-line interface (plink.exe)
  
 
You can find many of these to download at the putty site:<br />
 
You can find many of these to download at the putty site:<br />
 
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
 
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  
Most of these software applications are contained in the Windows installer (.msi) for PuTTY and that is the recommended approach. If you do not have administrative authority on your PC you can also download a zip file containing all the needed programs. These will need to be extracted into a folder of your choosing. MobaXterm also contains a similar key generator and can be used in place of PuTTYgen if it is already installed.
+
Most of these software applications are contained in the Windows installer (.msi) for PuTTY and that is the recommended approach. If you do not have administrative authority on your PC you can also download a zip file containing all the needed programs. These will need to be extracted into a folder of your choosing.
  
 
==Generating your keys==
 
==Generating your keys==
 
+
{{Note|'''Never share your private ssh keys''' even with Support staff. Your private ssh key works as your password and it must be kept in a non-shareable space.|warn}}
 
Now we can generate your key pair. Your key pair consists of two keys, one public and one private. The public key is the one that you will upload to HPG. The private key must be kept secure. Once enabled, this key will allow you to login to HPG directly, so it needs to be stored in a safe place. Treat it as you would treat your HiPerGator or GatorLink password and remember the consequences of facilitating unauthorized access to University systems.
 
Now we can generate your key pair. Your key pair consists of two keys, one public and one private. The public key is the one that you will upload to HPG. The private key must be kept secure. Once enabled, this key will allow you to login to HPG directly, so it needs to be stored in a safe place. Treat it as you would treat your HiPerGator or GatorLink password and remember the consequences of facilitating unauthorized access to University systems.
  
To generate your key pair, start the PuTTYgen program. Please see the figure below for an example window. If you are using MobaXterm, then select “Tools&quot; then “MobaKeyGen&quot;.
+
To generate your key pair, start the PuTTYgen program.
 
+
<div class="mw-collapsible mw-collapsed" style="width:70%; padding: 5px; border: 1px solid gray;">
 +
''Expand to view PuTTYgen image.''
 +
<div class="mw-collapsible-content" style="padding: 5px;">
 
[[File:puttygen.png|PuTTYgen window]]
 
[[File:puttygen.png|PuTTYgen window]]
 +
</div></div>
  
Please make sure to select and enter the following options in the lower “Parameters&quot; box: SSH-2 RSA (simply RSA in MobaKeyGen) and 4096 for the number of bits in a generated key.
+
Please make sure to select and enter the following options in the lower “Parameters" box: SSH-2 RSA (simply RSA in MobaKeyGen) and 4096 for the number of bits in a generated key.
 
 
Then click “Generate&quot; to create your key pair. You will be asked to move the mouse around in a random pattern over the window to generate randomness for the key. This may take a bit of time depending on the speed of your computer. Once completed, the public key will be displayed in the “Key&quot; box. The figure below shows what the window looks like after key generation.
 
  
 +
Then click “Generate" to create your key pair. You will be asked to move the mouse around in a random pattern over the window to generate randomness for the key. This may take a bit of time depending on the speed of your computer. Once completed, the public key will be displayed in the “Key" box. The figure below shows what the window looks like after key generation.
 +
<div class="mw-collapsible mw-collapsed" style="width:70%; padding: 5px; border: 1px solid gray;">
 +
''Expand to view Putty at this step, or view lower for everything filled.''
 +
<div class="mw-collapsible-content" style="padding: 5px;">
 
[[File:win-sshkey.png|PuTTYgen with a generated Key]]
 
[[File:win-sshkey.png|PuTTYgen with a generated Key]]
 +
</div></div>
  
Feel free to edit the “Key Comment&quot; field to give your key a nickname. Then protect your private key with a passphrase. '''PLEASE DO NOT SKIP THIS STEP!'''
+
Feel free to edit the “Key Comment" field to give your key a nickname. Then protect your private key with a passphrase. '''PLEASE DO NOT SKIP THIS STEP!'''
  
 
* Please protect your private key with a strong passphrase. This is what protects your key from other customers and intruders if they ever manage to compromise your system. The figure below shows what the window should look like with the information filled out.
 
* Please protect your private key with a strong passphrase. This is what protects your key from other customers and intruders if they ever manage to compromise your system. The figure below shows what the window should look like with the information filled out.
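Review bot: the revised "Parameters" sentence still carries the parenthetical "(simply RSA in MobaKeyGen)", although this revision removes MobaXterm from the client list, from the installer paragraph and from the sentence that starts PuTTYgen. Either drop the parenthetical or restore the MobaXterm guidance, so the reader is not pointed at a tool the page no longer introduces. The unchanged prerequisite bullet also spells the agent "pagent.exe", while the page's own section heading calls it Pageant; worth correcting while this list is being edited.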
Line 44: Line 45:
 
Please choose a passphrase that is easy for you to remember, but hard for another person to guess. If you need resources to help with generating passphrases, please see: http://identity.it.ufl.edu/process/gatorlink/password-tips/
 
Please choose a passphrase that is easy for you to remember, but hard for another person to guess. If you need resources to help with generating passphrases, please see: http://identity.it.ufl.edu/process/gatorlink/password-tips/
  
Once your passphrase is set, you can use the “Save private key&quot; and “Save public key&quot; buttons to save your keys. Please make sure to save these in a safe place. The private key should be a “.ppk&quot; file and the public key can be a regular text file “.txt&quot;.
+
Once your passphrase is set, you can use the “Save private key" and “Save public key" buttons to save your keys. Please make sure to save these in a safe place. The private key should be a “.ppk" file and the public key can be a regular text file “.txt".
  
By default, the PuTTYgen program converts the key for pasting into an OpenSSH file in the “Key&quot; area of the screen. This is the content you should copy to add to HPG. If you ever need to copy this content again, just click the “Load&quot; button and select your private key file.
+
By default, the PuTTYgen program converts the key for pasting into an OpenSSH file in the “Key" area of the screen. This is the content you should copy to add to HPG. If you ever need to copy this content again, just click the “Load" button and select your private key file.
  
 
==Enabling Key Access to HPG==
 
==Enabling Key Access to HPG==
 +
[[File:HPG_PuTTY.png|Example Connection to HPG using PuTTY | right]]
  
In order to enable key-based login to HPG, you will need to copy the public key content from the PuTTYgen window into your authorized_keys file on HPG. To do this you will need to login to HPG using your account. You can use any SSH client for this step, but for this tutorial, we will be using PuTTY. Go ahead and start your SSH client and log in to hpg.rc.ufl.edu with your username and password. You should see a command prompt in your home directory. To do this in PuTTY, simply start the application, enter “hpg.rc.ufl.edu&quot;, and click "Open&quot as shown in the figure below:<br />
+
In order to enable key-based login to HPG, you will need to copy the public key content from the PuTTYgen window into your authorized_keys file on HPG.  
<br />
+
#To do this you will need to login to HPG using your account. You can use any SSH client for this step, but for this tutorial, we will be using PuTTY. Go ahead and start your SSH client and log in to hpg.rc.ufl.edu with your username and password. You should see a command prompt in your home directory.  
<code>hpg.rc.ufl.edu</code><br />
+
#To do this in PuTTY, simply start the application, enter “hpg.rc.ufl.edu", and click "Open" as shown in the figure to the right:<br />
<br />
+
#Once you click "Open", if this is the first time you have connected to HPG, you will receive a key warning, accept this HPG key to not recive this pop-up in the future.  Then enter your GatorLink username and press the enter key.
 +
#Now you can open and edit your authorized_keys file. To do this, type the following into the command prompt and press enter:<br />
 +
#*<code>nano $HOME/.ssh/authorized_keys</code>
 +
#You will now be editing your authorized_keys file. There will likely already be entries for keys that were generated for your account automatically. Please select copy the data from the PuTTYgen window labeled "key" to your clipboard. 
 +
#Use the arrow keys to navigate to the bottom of the list in the authorized_keys file and paste the data from the PuTTYgen window into this file. All the pasted content should be on one line. Please use right click to copy and paste since that will produce the best results.  
 +
#After you have pasted the information in the file, press the <code>CTRL</code> and <code>o</code> keys at the same time followed by <code>Enter</code> to write out the file. Then press the <code>CTRL</code> and <code>x</code> keys at the same time to exit the editor.<br />
 +
Congratulations your key is now authorized to login to your account on HPG.
  
[[File:HPG_PuTTY.png|Example Connection to HPG using PuTTY]]
+
''Note:'' You can also use a text editor in a terminal or a console session in [[Open OnDemand]] to edit ~/.ssh/authorized_keys file.
 
 
Now you can open and edit your authorized_keys file. To do this, type the following into the command prompt and press enter:<br />
 
<code>nano $HOME/.ssh/authorized_keys</code>
 
 
 
You will now be editing your authorized_keys file. There will likely already be entries for keys that were generated for your account automatically. Please select copy the data from the PuTTYgen window labeled "key" to your clipboard.  Use the arrow keys to navigate to the bottom of the list in the authorized_keys file and paste the data from the PuTTYgen window into this file. All the pasted content should be on one line.
 
 
 
Please use right click to copy and paste since that will produce the best results. After you have pasted the information in the file, press the <code>CTRL</code> and <code>o</code> keys at the same time followed by <code>Enter</code> to write out the file. Then press the <code>CTRL</code> and <code>x</code> keys at the same time to exit the editor.<br />
 
Congratulations your key is now authorized to login to your account on HPG.
 
  
 
==Using Pageant to create persistent key sessions==
 
==Using Pageant to create persistent key sessions==
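Review bot: the new step 3 tells the reader to accept the HPG host key warning on first connection but gives no way to confirm that the key shown is the expected one. Suggest adding where the expected host key fingerprint can be checked before accepting. In the same step "recive" is misspelled, and step 5 reads "Please select copy the data", which is missing an "and".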
Line 75: Line 75:
 
This will allow PuTTY to connect without having to enter your password.
 
This will allow PuTTY to connect without having to enter your password.
  
If you are using MobaXterm you can enable the use of the Pageant to pick up your key. The setting can be found under “Settings&quot; then “SSH&quot;. The setting needed is the “Use external Pageant&quot;. The figure below shows this in the settings menu.
+
When you are done with your session, please remember to log out or remove the key from Pageant. This can be done easily by double clicking the Pageant tray icon, click the key you want to remove and then click “Remove Key".
 
 
[[File:Moba4.png|MobaXterm settings for Pageant]]
 
 
 
When you are done with your session, please remember to log out or remove the key from Pageant. This can be done easily by double clicking the Pageant tray icon, click the key you want to remove and then click “Remove Key&quot;.
 

Latest revision as of 13:39, 26 June 2023

These steps are handled in slightly different ways on each operating system. Separate instructions for Microsoft Windows OS variants are listed below.

Prerequisite software

Here is a list of the software you will need installed on your local machine to start using key-based authentication.

  • An SSH client (PuTTY, Tabby, etc.)
  • The Windows PuTTY agent (pageant.exe)
  • The command-line interface (plink.exe)

You can find many of these to download at the PuTTY site:
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Most of these software applications are contained in the Windows installer (.msi) for PuTTY and that is the recommended approach. If you do not have administrative authority on your PC you can also download a zip file containing all the needed programs. These will need to be extracted into a folder of your choosing.

Generating your keys

Never share your private SSH keys, even with Support staff. Your private SSH key works as your password and it must be kept in a non-shareable space.

Now we can generate your key pair. Your key pair consists of two keys, one public and one private. The public key is the one that you will upload to HPG. The private key must be kept secure. Once enabled, this key will allow you to log in to HPG directly, so it needs to be stored in a safe place. Treat it as you would treat your HiPerGator or GatorLink password and remember the consequences of facilitating unauthorized access to University systems.

To generate your key pair, start the PuTTYgen program.

[Figure: PuTTYgen window]

Please make sure to select and enter the following options in the lower "Parameters" box: SSH-2 RSA (simply RSA in MobaKeyGen) and 4096 for the number of bits in a generated key.

Then click "Generate" to create your key pair. You will be asked to move the mouse around in a random pattern over the window to generate randomness for the key. This may take a bit of time depending on the speed of your computer. Once completed, the public key will be displayed in the "Key" box. The figure below shows what the window looks like after key generation.

[Figure: PuTTYgen with a generated key]

Feel free to edit the "Key Comment" field to give your key a nickname. Then protect your private key with a passphrase. PLEASE DO NOT SKIP THIS STEP!

  • Please protect your private key with a strong passphrase. This is what protects your key from other customers and intruders if they ever manage to compromise your system. The figure below shows what the window should look like with the information filled out.

[Figure: PuTTYgen with completed passphrase]

Please choose a passphrase that is easy for you to remember, but hard for another person to guess. If you need resources to help with generating passphrases, please see: http://identity.it.ufl.edu/process/gatorlink/password-tips/

Once your passphrase is set, you can use the "Save private key" and "Save public key" buttons to save your keys. Please make sure to save these in a safe place. The private key should be a ".ppk" file and the public key can be a regular text file ".txt".

By default, the PuTTYgen program converts the key for pasting into an OpenSSH file in the "Key" area of the screen. This is the content you should copy to add to HPG. If you ever need to copy this content again, just click the "Load" button and select your private key file.

Enabling Key Access to HPG

[Figure: Example connection to HPG using PuTTY]

In order to enable key-based login to HPG, you will need to copy the public key content from the PuTTYgen window into your authorized_keys file on HPG.

  1. To do this you will need to log in to HPG using your account. You can use any SSH client for this step, but for this tutorial, we will be using PuTTY. Go ahead and start your SSH client and log in to hpg.rc.ufl.edu with your username and password. You should see a command prompt in your home directory.
  2. To do this in PuTTY, simply start the application, enter "hpg.rc.ufl.edu", and click "Open" as shown in the figure to the right.
  3. Once you click "Open", if this is the first time you have connected to HPG, you will receive a key warning; accept this HPG key so that you do not receive this pop-up in the future. Then enter your GatorLink username and press the Enter key.
  4. Now you can open and edit your authorized_keys file. To do this, type the following into the command prompt and press enter:
    • nano $HOME/.ssh/authorized_keys
  5. You will now be editing your authorized_keys file. There will likely already be entries for keys that were generated for your account automatically. Please select and copy the data from the PuTTYgen window labeled "Key" to your clipboard.
  6. Use the arrow keys to navigate to the bottom of the list in the authorized_keys file and paste the data from the PuTTYgen window into this file. All the pasted content should be on one line. Please use right click to copy and paste since that will produce the best results.
  7. After you have pasted the information in the file, press the CTRL and o keys at the same time followed by Enter to write out the file. Then press the CTRL and x keys at the same time to exit the editor.

Congratulations, your key is now authorized to log in to your account on HPG.

Note: You can also use a text editor in a terminal or a console session in Open OnDemand to edit the ~/.ssh/authorized_keys file.
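A check for the authorized_keys edit described in the steps above, as an added example that is not part of the original page: it parses each line, compares RSA key size against the 4096 bits the page selects in PuTTYgen, and flags lines that look like a wrapped or partial paste. The function names and the constructed sample key (a made-up modulus, not a usable key) are assumptions for illustration.

```python
import base64
import struct
# Added example; names are illustrative and this is not UFRC or PuTTY code.
MIN_RSA_BITS = 4096  # key size the page asks for in PuTTYgen
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _read_string(blob, offset):
    """Read one length-prefixed field from an SSH public key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_line(line):
    """Return (ok, message) for one authorized_keys line."""
    fields = line.split()
    # Options may precede the key type, so look for the first known type.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return False, "no key type found (wrapped or partial paste?)"
    key_type = fields[idx]
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        inner_type, pos = _read_string(blob, 0)
        if inner_type != key_type.encode():
            return False, "key type does not match key data"
        if key_type != "ssh-rsa":
            return True, key_type
        _exponent, pos = _read_string(blob, pos)
        modulus, pos = _read_string(blob, pos)
    except ValueError as exc:  # includes base64 decoding errors
        return False, f"bad key data: {exc}"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return False, f"RSA key is {bits} bits, expected at least {MIN_RSA_BITS}"
    return True, f"ssh-rsa {bits} bits"


def check_text(text):
    """Check each non-blank, non-comment line: [(lineno, ok, message), ...]."""
    return [(n, *check_line(line))
            for n, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")]


def make_rsa_line(bits, comment="constructed-example"):
    """Build a CONSTRUCTED ssh-rsa line (not a usable key) for the demo."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading zero byte
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```

To check the real file, pass its contents to `check_text`; each tuple gives the line number, whether the line passed, and the reason.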

Using Pageant to create persistent key sessions

The most common way to take full advantage of key-based authentication is a persistent password-less connection.

If you installed the PuTTY system via the msi, then all the associations are typically set up for you. Simply double-click your private key file and enter your key password to load your key into the agent.

Once loaded, you can double-click the icon in the lower right tray and it will show you the fingerprints of the keys you have loaded.

This will allow PuTTY to connect without having to enter your password.

When you are done with your session, please remember to log out or remove the key from Pageant. This can be done easily by double-clicking the Pageant tray icon, clicking the key you want to remove, and then clicking "Remove Key".