Friday, May 18, 2007

Annoyance solved: PuTTY and OpenSSH keys

Since I'm a notorious Windows user, I alternate between using Cygwin's (or any *nix variant's) OpenSSH client and PuTTY to connect to various SSH hosts. The only problem is that the OpenSSH-generated private key is not compatible with PuTTY.

Private keys with SSH allow you to access a remote host without typing your password if the place you're logging in from is a place you trust enough to say, "hey, whenever I log in from this computer, you don't need to ask me for my password." I trust my own laptop enough to store a private key on it. It works great with OpenSSH: I just ssh into a host where I've added my public key to the accepted keys, and it lets me in right away without asking for a password. However, for whatever reason, PuTTY (the really good and simple SSH client) doesn't like OpenSSH-format private keys. Since I move my private keys around from trusted computer to trusted computer, where I use PuTTY and OpenSSH interchangeably, it's kind of annoying for PuTTY to not accept my OpenSSH-generated key.

Anyway, with PuTTYgen, you can convert the OpenSSH key to a PuTTY-friendly key. The process is as follows:

  1. Create your private key using ssh-keygen.
    $ ssh-keygen -t dsa
    This places the public (id_dsa.pub) and private (id_dsa) keys in your ~/.ssh directory.

  2. Copy your public key to each remote host you'd like to log in to without using a password:
    $ scp ~/.ssh/id_dsa.pub user@remotehost.com:.ssh/authorized_keys2
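    Note that the .ssh directory should already exist. If it doesn't, create it. Also note that this command replaces any authorized_keys2 file already on the remote host, along with any keys listed in it.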

  3. Test it to make sure it works:
    $ ssh user@remotehost.com
    This will hopefully let you in to the remote host without asking for your password. If it doesn't, log in to the remote host, change the permissions to 700 on ~/.ssh/authorized_keys2, exit, and try again. If it still doesn't work, use your favorite search engine to figure it out and then come back here.

  4. Convert the key into a PuTTY-friendly key by using PuTTYgen. Start the application, then click "Load", point it to the ~/.ssh/id_dsa file (not id_dsa.pub), and convert. Save it as a new key; PuTTYgen will add the file extension "ppk" to the file.

  5. Start up PuTTY, load your favorite remote host profile, go to the Connection->SSH->Auth section of the profile and configure the Private Key for Authentication to point to the newly generated ppk file.

Now both PuTTY and OpenSSH can be allowed entry using the same public key. No more password entry! Works well with svn, cvs, ssh, scp, sftp, whatever.
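
An added example (not from the original post) for the remote-host side of steps 2 and 3: a helper that appends the public key to authorized_keys2 only if it is missing, rather than replacing the file, and sets owner-only permissions. The function name install_pubkey, its arguments, the 700/600 modes and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a hypothetical
# helper, run on the remote host after id_dsa.pub has been copied there.
# usage: install_pubkey <public-key-file> <ssh-dir> [authorized-keys-name]
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/${3:-authorized_keys2}"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # A public key is exactly one line; a private key (id_dsa) is a
    # multi-line PEM block and must never end up in this file.
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "$pub: expected a one-line public key" >&2; return 2
    fi
    key=$(cat "$pub")
    case $key in
        ssh-*" "*|ecdsa-*" "*|sk-*" "*) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Owner-only access (conventional 700 on the directory, 600 on the file):
    # sshd's StrictModes check rejects key files other users can write to.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: skip if this exact line is already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "already installed"; return 0
    fi
    # Keep the new key on its own line even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 1
    fi
    printf '%s\n' "$key" >> "$auth" || return 1
    echo "added"
}

# Demo in a scratch directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed user@laptop" > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"   # prints: added
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"   # prints: already installed
rm -rf "$demo"
```

On a real host the second argument would be ~/.ssh, and the copied id_dsa.pub can be deleted once the key has been added.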

1 Comment:

Blogger Unknown said...

Just wanted you to know that people are still using this tip successfully. Very much obliged.

2:46 PM  
