Jon Griffin's Site | Using PuTTYgen and Pageant

This is part 3 of the No Plain Text Passwords series. To make your life easier and more secure you can setup your computer using PuTTYgen and Pageant to not use any passwords when you login.

Transcript

OK so basically after you install the programs WinSCP and Putty, you can go up to your programs and find here… first thing we want to do is go to the putty menu…and you’ll notice there’s a lot of stuff. We’ve got P agent and PSFTP, putty, putty manual, putty website and puttygen. For today for this lesson all we really need to worry about is P agent and puttygen.

The first thing we need to do is open up puttygen. So you’ll see it’s a blank screen that says no key. So what your goal here is to create a public and private key pair which it shows you here (generate a public-private key pair). So what we’re going to do is generate. All you do is randomly move the mouse around in this blank area (like it says. So it’s creating some randomness. So, there’s your key right here). And you can also name it. (That’s what I usually do “my key from this machine.”) So that way you can keep track because you may have laptops or other things.

Generally you want to have a key pass phrase. The longer the better obviously but make sure you can remember it because there is no way to pull out the password because it’s also encrypted in there. So we’ll just type in some kind of key phrase that you can remember. And of course it’ll ask you if you want to confirm it. (So you don’t have to worry about it.)

So then what we want to do is save public key (and we’ll save that somewhere. You can see I have a couple but for testing we’ll just say: “my new key.” So we’ll save that). We also want to save it as a private key. (“My new private key.”)

All right, so that’s basically done. I want to comment on the parameters.

Never use SSH1 unless your host requires you to use it (and I would say they have a security problem). I always use SSH2 RSA. It’s the most compatible although there is one server that I use at the University that doesn’t like it. But it’s still OK to use DSA but RSA is much better. And just leave the number bits generated to 1024 that’s plenty of security for what we’re doing. If you have a lot of highly sensitive stuff you can go up to 2048 but it’s going to take a lot longer to calculate and other things. So generally that’s all you need.

OK so that’s it for puttygen. We’ve saved those keys.

So the next thing we want to do is go back to our menu. We go to our programs and we go to putty. This time we want to go to P agent. And what that does, (it doesn’t look like it did anything but) you’ll notice that there’s a little icon down here in my icon bar. So you can open that up and it’s going to pull-up P agent key lists.

So what P agent does is it remains in memory. Don’t worry. It doesn’t take hardly any… you won’t even notice the difference. But whenever you try to open up a secure connection either through WinSCP or through putty (and maybe filezilla works with it as well. I’m not sure. You could try that). But what it’ll do is actually… log in. So you just have to add the key. You’ll find it; we’ll call it “my new private key.” You open it and you see it asks for the pass phrase. So I’ll type that in. And we’ll hit OK. And so right here we have the key. (And you can see “this is my key from this machine.” So that’s an easy way to remember things as well.)

So that key is now memory resident. You never have to deal with it again. So from the point of P agent we’re done and as far as puttygen you’ve already created your key. So there’s nothing more to do.

So the next thing we’ll do is talk about WinSCP and I’ll do that in another section.

News Updates

If you like this series, please sign-up for our News updates on the sidebar.

We also love comments!