Creating and Using SSH keys with PuTTY and NetManager
What are SSH keys?
Data is encrypted and decrypted using keys. The longer the key, the more secure the encryption. If the same key can be used to both encrypt and decrypt data, this is known as a symmetric key. Using symmetric keys has inherent problems. The people or computer systems doing the encryption have the ability to decrypt your data too. The key could be stolen from them thus allowing your data to be read anywhere. For these reasons, it is best to use asymmetric keys.
When using asymmetric keys, you generate a pair of keys known as public and private keys. The public key can be used to encrypt data, but that data can only be decrypted using the private key. As their names imply, this means you can give the public key out to allow people to encrypt data for you and as long as you keep your private key to yourself, only you will be able to read it. The private key never leaves your computer and can itself be further protected by a passphrase so that even if your computer is stolen, your data is safe.
The SSH protocol allows you to use public and private keys for user authentication. The keys are generated on the client, not the server, and then the public key is copied to the appropriate servers that you wish to access. The private key remains on the client and allows only that client access.
Using keys for authentication gives a further level of security to SSH. If password access is disabled on the NetManager then SSH connections to the server without a valid SSH key will be rejected.
Creating SSH key pairs
- Download PuTTY and PuTTYgen from the PuTTY web site.
- Run the program 'PuTTYgen'.
Figure 1: PuTTYgen configuration page
- At the bottom of the window that appears, select the 'SSH2 RSA' protocol.
- Click the 'Generate' button in the middle section of the window. You will now be asked to move the mouse around over the window to generate randomness for your SSH key. You may specify a passphrase to protect the private key if you wish.
- Click on the button labelled 'Save private key' and save the file somewhere on your hard disk (remember to keep this secure).
- Open Notepad from 'Start Menu->Programs->Accessories'.
- Go back to the PuTTYgen window and highlight all the text in the box labelled 'Public key for pasting into OpenSSH authorized_keys2 file' and press Ctrl-C to copy it to the clipboard. Do not attempt to use the file created if you choose 'Save public key', as this is in the wrong format.
- Go back to Notepad, click into the window and press Ctrl-V to paste the text from the clipboard.
- Save this file somewhere as filename 'authorized_keys'.
- Once saved, locate the file and if a '.txt' extension has been added to the filename rename it and remove the extension.
Figure 2: Example of an OpenSSH key (text highlighted)
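The steps above can go wrong in two ways: the 'Save public key' file is used instead of the pasted text, or the key is broken across lines when it is pasted. The following check is an added example, not part of the original guide. It inspects the contents of an authorized_keys file before it is copied to the server. The function names and the sample key are constructed for illustration, and it assumes plain key lines with no options in front of the key type.

```python
import base64
import struct

RFC4716_BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"  # first line of a 'Save public key' file

def blob_key_type(b64):
    """Decode a key blob, walk its length-prefixed fields, return the key type."""
    raw = base64.b64decode(b64, validate=True)
    fields, pos = [], 0
    while pos < len(raw):
        (n,) = struct.unpack_from(">I", raw, pos)  # 4-byte big-endian length
        pos += 4
        if pos + n > len(raw):
            raise ValueError("key blob is truncated")
        fields.append(raw[pos:pos + n])
        pos += n
    if len(fields) < 2:
        raise ValueError("key blob has no key material")
    return fields[0].decode("ascii")

def check_authorized_keys(text):
    """Return a list of problems; an empty list means every key line parsed."""
    if text.lstrip().startswith(RFC4716_BEGIN):
        return ["'Save public key' (RFC 4716) format, not the one-line OpenSSH format"]
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) < 2:
            problems.append(f"line {num}: expected '<type> <base64> [comment]'")
            continue
        try:
            inner = blob_key_type(parts[1])
        except (ValueError, struct.error):
            problems.append(f"line {num}: key data is incomplete or not base64")
            continue
        if inner != parts[0]:
            problems.append(f"line {num}: prefix {parts[0]!r} but blob says {inner!r}")
    return problems

def _field(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample blob (not a usable key): type, exponent 65537, dummy modulus.
SAMPLE_BLOB = base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00\xc5" + b"\x11" * 31)
).decode()
GOOD = f"ssh-rsa {SAMPLE_BLOB} rsa-key-constructed\n"
```

Calling `check_authorized_keys(open("authorized_keys").read())` on the saved file returns an empty list when each key sits on a single, complete line.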
Copying the public key to the server
The authorized_keys file created above needs copying to a directory called '.ssh' in your home area on the NetManager. You may need to create this directory. The simplest way to do this is to copy the file to your home area when you are next on site (we assume that you are generating these keys on your home computer). If you are using Windows to access your home area, it is possible that files and directories beginning with a full-stop will be hidden, so you may need to change your folder options to show hidden files.
On the other hand, you may be working from home and want to copy the public key onto the server. To do this, follow these instructions:
- Download and run the standalone version of WinSCP from the website.
- Type in the server name as well as your username and password, and click Login.
Figure 3: WinSCP logon page
- If you don't have a .ssh folder, create one (Ctrl-D).
Figure 4: User's home area in WinSCP
- Browse to the .ssh folder and simply drag and drop your authorized_keys file into it (click Copy on the Copy window that appears).
- Quit WinSCP.
Using the keys with PuTTY
On your client machine, as part of your SSH configuration, you can specify a private key to use. You will find this under the 'Connection->SSH->Auth' section of the configuration page. Click on the browse button next to the box labelled 'Private key file for authentication' and browse to the private key file you saved earlier.
Figure 5: PuTTY authentication page
You can now configure any other options you want. For reference, you will need to specify the address to connect to as 'username@servername_or_ip' (e.g. for user test on server with IP address 220.127.116.11 you would specify 'test@220.127.116.11').