PuTTY, Pageant, SSH
Another of those things I don’t do often enough to remember:
When accessing a remote server from Windows using PuTTY, I often use SSH authentication using Pageant (as opposed to authenticating using passwords).
Also, I want Pageant to start when my Windows PC starts, and I want Pageant to load the relevant public keys automatically.
I assume we already have the requisite public/private key pair (PEM format), generated on the server we want to access. Or, in the case of AWS, I assume we captured this info when we provisioned our EC2 server.
This is not an
ssh-keygen tutorial. There are many out there - here’s one. But in a nutshell, the main commands are:
ssh-keygen -t rsa cd ~/.ssh cat id_rsa.pub >> authorized_keys
Convert SSH Public Key to PuTTY Format
The PuTTY tools use their own format for keys (PPK - putty private key), so we first need to convert our PEM-based public key to a PPK using PuTTYgen:
Run the PuTTYgen program.
Load the SSH public key (ensure you have selected “all files *.*”, otherwise you won’t see it).
Save the new private key whatever.ppk (no passphrase). Keep this file in a secure place.
Run Pageant on Windows Start-Up
This is for Windows 10. YMMV.
Create a shortcut file for Pageant. It’s typically installed here:
The shortcut will probably be saved to the desktop. Copy it to the following directory:
Right-click on the shortcut file and choose “Properties”. The Target property should contain something like this:
Add a space-separated list of paths to your PPK files to the end of the Target command.
For example, assuming there are no spaces in your PPK file names and paths:
"C:\Program Files\PuTTY\pageant.exe" C:\path\to\server1.ppk C:\path\to\server2.ppk
Restart your PC.
The Pageant icon should be visible in the icon tray. If you double-click the icon, you should see a list of the keys currently loaded into Pageant.
Tell PuTTY to Use Pageant
Use the following setting:
A Note on User IDs for AWS
In PuTTY, go to the Connection > Data > Auto-login username setting. If you are using an EC2 server, and the image is for EC2-AMI Linux, then the user name is
ec2-user. For other flavors of OS it will be different (e.g.
ubuntu for Ubuntu).
WARNING: All of this is only as secure as the private key. Keep your private keys safe and secure. It’s also only as secure as the machine where you set it up. How secure is your laptop?
Update PuTTY Now
And finally: When did you last install PuTTY? Time for an update?