January 6, 2008

PuTTY feature - PuTTY authentication agent

Using RSA/DSA key pairs (a public and a private key) to authenticate SSH connections has many advantages. It makes authentication more secure (especially when someone can see what you are typing on your keyboard), and it enables automated scripts for backups and similar tasks. Under Windows you can generate RSA/DSA key pairs for SSH connections with the PuTTYgen application.

If you have already generated your RSA/DSA key pair and copied the public key into ~/.ssh/authorized_keys on the server, you can use the private key to authenticate instead of a password. If you generated your RSA/DSA keys with a passphrase (I recommend generating them with a passphrase), you will be asked to enter it when authenticating.

image

image
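For the server-side step above, here is a small shell helper (an added example, not part of the original post) that installs the one-line text PuTTYgen shows under "Public key for pasting into OpenSSH authorized_keys file" and sets the permissions sshd expects. The function name `install_pubkey` and the sample key are made up for illustration.

```shell
#!/bin/sh
# install_pubkey KEYLINE [SSH_DIR] -- hypothetical helper, run on the server.
# Adds one public key line to SSH_DIR/authorized_keys (default ~/.ssh).
install_pubkey() {
    key=$1
    dir=${2:-"$HOME/.ssh"}
    file=$dir/authorized_keys
    nl='
'
    case $key in
        # A .ppk file is the PRIVATE key; it must never leave the client.
        "PuTTY-User-Key-File"*)
            echo "refusing: this is a PuTTY private key file" >&2; return 1 ;;
        # PuTTYgen's "Save public key" writes this multi-line SSH2 format,
        # which is not what authorized_keys expects.
        *"BEGIN SSH2 PUBLIC KEY"*)
            echo "refusing: use the one-line OpenSSH text from PuTTYgen" >&2; return 2 ;;
        # An authorized_keys entry is exactly one line; pasting through a
        # terminal often wraps it.
        *"$nl"*)
            echo "refusing: key is split across several lines" >&2; return 3 ;;
        # "<type> <base64>"; the base64 blob always starts with these bytes.
        "ssh-rsa AAAAB3NzaC1yc2E"*|"ssh-dss AAAAB3NzaC1kc3M"*) ;;
        *)
            echo "refusing: not an ssh-rsa/ssh-dss public key line" >&2; return 4 ;;
    esac
    # sshd's StrictModes check refuses to use the file if it or its directory
    # is writable by group or others, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 5
    touch "$file" && chmod 600 "$file" || return 5
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
install_pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAABJQ== constructed-demo-key" "$demo/.ssh" &&
    ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```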

Sometimes you have to connect to several servers at once and must enter the passphrase or password once for every SSH session you open. To avoid retyping the passphrase, you can use the PuTTY authentication agent (Pageant).

Start pageant.exe. A new Pageant icon will be added to the system tray:

image

Double-click on the Pageant icon and a window similar to the following figure should be displayed:

image 

The Pageant window lists the enabled RSA/DSA keys, which are automatically offered to PuTTY or scp applications for key-based authentication of the SSH session.

Click on Add Key and browse to the private RSA/DSA key you use for SSH. If your private RSA/DSA key is protected by a passphrase (I highly recommend using one), just enter the passphrase and the private key will be added to your list of enabled keys.

image

image

That's all. Now when you connect to your SSH-enabled host, the authentication may look like this:

image

and a scp file copy may look like this:

image

!!!BEWARE!!!

Do not forget to lock your computer screen when you leave it while RSA/DSA keys are enabled in Pageant! Otherwise anyone with physical access to your computer can connect to your servers over SSH without knowing your passphrase.