
Creating and setting up a key pair.

We need to be able to log in with a key pair instead of a password, so we first have to create one. Create it on the Linux computer, where you are currently logged in through PuTTY. At the Linux prompt, type:

oystein@thelinuxbox:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oystein/.ssh/id_dsa): <press enter>
Enter passphrase (empty for no passphrase): <type a password or leave blank>
Enter same passphrase again: <retype password>
Your identification has been saved in /home/oystein/.ssh/id_dsa.
Your public key has been saved in /home/oystein/.ssh/id_dsa.pub.
The key fingerprint is:
.
.

If everything is fine you should now have a key pair in your .ssh directory. You can check this by typing:

oystein@thelinuxbox:~$ cd ~/.ssh
oystein@thelinuxbox:~$ ls -l
-rw------- 1 oystein oystein 672 2010-05-03 20:11 id_dsa
-rw-r--r-- 1 oystein oystein 610 2010-05-03 20:11 id_dsa.pub
-rw-r--r-- 1 oystein oystein 442 2010-04-06 16:42 known_hosts

You need a file called authorized_keys in this same directory that contains the public keys that can be used for logging in. You can create it simply by appending id_dsa.pub to the authorized_keys file like this:

oystein@thelinuxbox:~$ cat id_dsa.pub >> authorized_keys
oystein@thelinuxbox:~$ ls -l
-rw-r--r-- 1 oystein oystein 610 2010-05-03 20:16 authorized_keys
-rw------- 1 oystein oystein 672 2010-05-03 20:11 id_dsa
-rw-r--r-- 1 oystein oystein 610 2010-05-03 20:11 id_dsa.pub
-rw-r--r-- 1 oystein oystein 442 2010-04-06 16:42 known_hosts

You must then change the file permissions for the authorized_keys file.
oystein@thelinuxbox:~$ chmod 600 authorized_keys
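
A quick way to check the result of the steps above, as an added example that is not part of the original page: the function below flags the conditions under which sshd (with its default StrictModes setting) ignores authorized_keys, or the ssh client refuses to load a private key. The function names are made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are illustrative.
# Usage: audit_ssh_dir "$HOME/.ssh"   -> prints findings, returns 1 if any FAIL

# Symbolic mode as printed by ls, e.g. "-rw-------" (type + user/group/other).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# True if the group or other write bit is set (characters 6 and 9).
writable_by_others() {
    case "$1" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    ak=$dir/authorized_keys
    bad=0
    [ -d "$dir" ] || { echo "FAIL $dir does not exist"; return 1; }
    # sshd (StrictModes, the default) ignores authorized_keys if it or
    # the .ssh directory can be written by anyone but the owner.
    if writable_by_others "$(mode_of "$dir")"; then
        echo "FAIL $dir is group/world-writable (chmod 700 $dir)"; bad=1
    fi
    if [ ! -f "$ak" ]; then
        echo "FAIL $ak does not exist"; bad=1
    elif writable_by_others "$(mode_of "$ak")"; then
        echo "FAIL $ak is group/world-writable (chmod 600 $ak)"; bad=1
    fi
    # The ssh client refuses private keys accessible to group or others.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac
        case "$(mode_of "$key")" in
            ????------) ;;
            *) echo "FAIL $key is accessible to group/others (chmod 600 $key)"; bad=1 ;;
        esac
    done
    # OpenSSH 7.0 and later do not accept ssh-dss (DSA) keys by default.
    if [ -f "$ak" ] && grep -q '^ssh-dss ' "$ak"; then
        echo "NOTE $ak contains ssh-dss (DSA) keys"
    fi
    return "$bad"
}
```

If key login still asks for a password after these steps, run the function on the Linux side first; a NOTE line about ssh-dss means a current OpenSSH server will skip that key unless DSA has been explicitly re-enabled.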

You now have the necessary key pair on the Linux side. Next, copy the private key to the Windows computer. Start a Windows Command Prompt window; you can usually do this from the Windows menu by clicking Start -> All Programs -> Accessories -> Command Prompt. When the Command Prompt opens, type:

C:\Documents and Settings\oystein\> cd c:\putty

You should now use secure copy (scp), or pscp as it is called in the PuTTY distribution. I will use my username (oystein) and my host name (thelinuxbox) in the example. You must of course use your own username and host name or IP address.

C:\putty> pscp oystein@thelinuxbox:/home/oystein/.ssh/id_dsa .

Note the . at the end.

Hint by Martin in 2013: You can also use the program WinSCP to copy the file.

Note: I've experienced that you cannot use ~ instead of /home/oystein. It looks like you have to type the full path of the key.

Type the password when prompted, and you will see an output like this:
id_dsa                    | 0 kB |   0.7 kB/s | ETA: 00:00:00 | 100%

Now start puttygen:
C:\putty> puttygen


Click the Load button and change the file type to: All files (*.*). Select the id_dsa file that you have just secure copied from Linux, and then press Open. A message box should notify you that the import was successful. As it says: to use this key with PuTTY, you need to save it in PuTTY's own format. After closing the message box, click the Save private key button and choose a good filename. The .ppk extension is recommended, so a good filename is id_dsa.ppk. After saving, you can close the window.

Note: For the sake of security, it is recommended that you delete the id_dsa file that was secure copied from Linux to the Windows system. You don't need it on the Windows system anymore, and anyone who gets hold of it will know how to take advantage of it. So my clear advice is to remove this file after you have saved the .ppk file.

PuTTY uses an agent system to handle key pairs. The agent is called pageant. Before you start any remote connections, you should therefore run the agent and load the key into it.

C:\putty> pageant

Nothing appears to happen, but if you look in your system tray you will see a little icon of a computer wearing a hat. Right-click this icon and select the Add Key menu item. Find the id_dsa.ppk file you generated, select it and press Open. If you set a password when you created the keys on the Linux machine, you will be prompted for it.


If you now again right-click the pageant icon, and then select View Keys, you will see that your key is loaded in the pageant agent. Just close this window.

You are now ready to log in to your Linux machine without using a password. Try it out:
C:\putty> putty oystein@thelinuxbox

You should then get a new terminal window to the Linux machine, and you should not be prompted for a password. You don't need this terminal window, so you can just exit. It's just to test that the key pair and pageant work correctly.
