To use public key authentication, the public key must be copied to a server and installed in an authorizedkeys file. This can be conveniently done using the ssh-copy-id tool. Like this: ssh-copy-id -i /.ssh/tatu-key-ecdsa user@host. Once the public key has been configured on the server, the server will allow any connecting user that has the. To create a new key pair, select the type of key to generate from the bottom of the screen (using SSH-2 RSA with 2048 bit key size is good for most people; another good well-known alternative is ECDSA). Then click Generate, and start moving the mouse within the Window. Putty uses mouse movements to collect randomness.
- Symmetric Key
- Generate Public Key In Cyberduck Free
- Public Key Example
- Generate Public Key In Cyberduck Key
Topics in Systematics and Evolution: Bioinformatics for Evolutionary Biology
This page contains instructions to connect rapidly to your account with your private key. The exercise is part of Topic 1. It assumes you’ve completed the steps: generate a key and configure ssh-agent. The result will be a working setup on your computer to run programs remotely.
Note: watch out for placeholders! Replace the placeholders serveruser
, serverpass
, and serverhost
, with your assigned username, password, and server address (IP).
Instructions: Read the general text, and then follow only the instructions that pertain to your operating system and software.
Time to complete: 5 minutes
Instructions for MacOS (including Cyberduck for Mac)
Edit (or create) file
~/.ssh/config
, and add this information to it, replacing placeholders with your data, (and then save the file):Explanation:
Host
setting is a friendly name that you choose. You will use it as a shorthand alias when connecting: i.e.ssh b525
.HostName
is the address of your assigned server (e.g. 123.123.123.123).IdentityFile
is the path to the private key to use (it will use that one from your agent).User
is your username on the server.ForwardAgent
allows you to connect to other servers from that server while relying on the local agent. This is useful if you hop on from one server to another using one set of keys. If you configure your public key in your github accout, for instance, you would be able to issue git commands without passwords, on the server. If you don’t trust the administrators of the server, you would choose “no”.ForwardX11
allows running graphical applications installed on the server, but viewing the window from your computer. Again, if you don’t trust the admins, set it to “no”.- If you wish to know more about this file, see the manual page:
man ssh_config
Configuring cyberduck.
No config needed! Once you’ve configured your
ssh_config
likedescribed above, then you should be able to connect to your serverusing the short alias you configured, e.g.b525
as part of the “server name”. Cyberduck willalso automatically rely on yourssh-agent
to provide thenecessary credentials.The remaining step is to configure your account on the server to recognize the public key that is loaded in your ssh-agent’s keyring. We will require access to the files of the account. Therefore, we will login once, using your password, and then adding the public key to a recognized filename. On subsequent logins, the key will suffice. There is a helper command that does it for you:
What the above command does:
- logs in to the server as serveruser
- appends the given public key to ~/.ssh/authorized_keys.
Note that the command above uses your new alias (i.e.
b525
), and the default username and server hostname are automaticallyselected from~/.ssh/config
. It is equivalent to the full command:You will be asked you for your account password (not your key passphrase). Once this is configured, you won’t need your password again to connect over ssh.
Note: The first time you connect to a server over ssh, it will ask you to authorize the server’s public keys. The server is also using a public key to identify itself to your computer. Ideally, you know ahead of time which public key to expect.
Instructions for Windows: MobaXTerm
Open a local terminal.
Edit the file
~/.ssh/config
:In the editor, add the following section, making sure to replace
serverhost
andserveruser
:Explanation:
Host
setting is a friendly name that you choose. You will use it as a shorthand alias when connecting: i.e.ssh b525
.HostName
is the address of your assigned server (e.g. 123.123.123.123).IdentityFile
is the path to the private key to use (it will use that one from your agent).User
is your username on the server.ForwardAgent
allows you to connect to other servers from that server while relying on the local agent. This is useful if you hop on from one server to another using one set of keys. If you configure your public key in your github accout, for instance, you would be able to issue git commands without passwords, on the server. If you don’t trust the administrators of the server, you would choose “no”.ForwardX11
allows running graphical applications installed on the server, but viewing the window from your computer. Again, if you don’t trust the admins, set it to “no”.- If you wish to know more about this file, see the manual page:
man ssh_config
Save the file and close the editor.
Run the following command (in a local terminal) to add our public key to the server account:
You will be asked for your server password (not the keypassphrase). The tool will copy the public key to the account’s
~/.ssh/authorized_keys
to recognize this key as a valid way toauthenticate.If this is the first time you connect to that server with Moba,Moba will prompt us to cache the password. I don’t recommendrelying only on saved user/passwords to login to servers. Keys aresafer than saved passwords, and they never leave your computer evenwhen you hop between proxies.
Note: You can access saved passwords in MobaXTerm in:
Menu
->Settings
->Configuration
->General Tab
->MobaXterm passwords management
. You will not need to use a saved password to connect from now on.The output of
ssh-copy-id
will look like this:If you type
ssh b525
like the command output suggests, you should automatically be logged inwithout typing in a password.Create a session bookmark in the MobaXterm menu.
We’ll bookmark a session for connecting to the server by double clicking. This will give us an opportunity to configure terminal settings to map your keyboard correctly.
In the Moba menu, do “Sessions”-> “New session”. Choose “SSH”:
- In “Remote host”, enter your
serverhost
(the IP) - Check “Specify username” and enter your
serveruser
- Leave port at 22
- Click “Advanced SSH settings” Tab
- Enable “X11 Forwarding” (if you want)
- You can leave the rest as is. You don’t need to configure the key there if your agent is running.
- Click “Terminal settings Tab”
- Uncheck “Backspace sends ^H” – this will allow your backspace key to work as it does on windows.
- Under “Terminal Type”, pick “Byobu” – this will allow your function keys to work as expected (for using byobu).
- Click “Bookmark Settings” Tab
- Pick a short name for your session.
- Click the green “OK” to commit the session settings.
- In “Remote host”, enter your
Activate the session
You can retrieve your session bookmark on the left, on the vertical tabs of the main Moba window, under “Sessions”.You can double-click it to start the session.
If you need to go back to change the parameters of the session, you can right click the session icon, and “edit”.
Activating your new session should allow you to see something like this (a prompt provided on the remote server):
Instructions for Windows: Cyberduck
Cyberduck works on Mac and Windows. In theory, it should pick up thekeys loaded in the Pageant program, but there are numerous reports ofthe feature not working as expected on Windows.
So for cyberduck on Windows, you will have to choose either betweenusername/password authentication or loading the key file (.ppk)locally in your session.
- Click “Open Connection”
- Choose SFTP as the connection type.
- In “Server” enter the server host (IP) (
serverhost
) - In “username” enter your server assigned username (
serveruser
) - In “SSH Private Key” browse to find your private key ppk file.
Uncheck “Save Password”
Here is a summary of the configuration for the connection:
When you use this connection, you will be prompted for thepassphrase to your key. Once the keys are loaded, cyberduck willtry to authenticate with them. If this fails (which is the case ifyou haven’t yet configured the public key on your account), it willrevert to username/password login – this is serveruser/serverpass.
Hit “Connect”.
It’s not obvious to know you’re connected sometimes, esp if there are0 files in your account. But the icon in the top right will show“Disconnect”, which means you’re connected. Once you see the filelisting (consider that there may be 0 files listed), you can alsotoggle displaing hidden files with:
Menu
->View
->Show Hidden files
Instructions for Windows: PuTTY
PuTTy can work in conjunction with Pageant to automatically retrieve keys, but we have to copy our public key to the remote account manually. The tool ssh-copy-id
is included in certain toolkits (namely git for windows, and windows Bash) and is a great shortcut. But in this section we will show what to do when it is not available.
Create a new session profile in PuTTy.
- Start putty. Shortcut: windows+r, putty+enter. You will see the (one and only) menu.
- In “Session”. Under “Host Name” enter your server IP:
serverhost
- In “Terminal/Keyboard”. Under “Function keys and Keypad, choose Xterm R6”. This is a sensible default to getsome of the F keys mapped correctly.
- In “Connection/Data”, under “Auto-login username” enter your server username:
serveruser
- In “Connection/SSH/Auth”. Enable “Agent forwarding” (see notes on “ForwardAgent” in
man ssh_config
). - In “Connection/SSH/X11”. Enable “X11 Forwarding” (see notes on “ForwardX11” in
man ssh_config
). - In “Window/Selection”. Familiarize yourself with the mouse button actions. The default might surprise you:
- “Left button selects (and automatically copies)”
- “Middle button extends existing selection”
- “Right button - pastes”.
- Go back to “Session”. Enter a name in the field under “Saved Sessions”:
b525
- After you’ve typed a name for the session, hit “Save”. You will see the new entry in the list of profiles.
Note: Quirks! - If your settings need to be adjusted later on, you will have to click “b525”, then “Load” the profile,make the change, go back to the “Sessions” tab, make sure the session you’re editing is selected, and hit “Save”.
Use the newly created PuTTy session:
- Double click on “b525” in the sessions list.
- Your username should be automatically filled in.
- Type in your password
We’re going to copy the public key over to the server.
Recall the location of your public key file (e.g.
biol525D.ppub
). This file was created with puTTYgen in the previous page.- Option 1: copy using
cmd
andpscp
- Open a command terminal. windows+r,
cmd
+ enter We will copy our public key file over to the server with pscp (which comes with putty). Replace the paths and serveruser/serverhost.
You should see something like this:
Note: The screenshot shows an error because the trailing colon is missing. Without it, pscp assumes that the parameter is the destination name of a local file, rather than a username and server. The error is corrected in the second command. You can use the UP arrow to recall previous commands.
- We just copied a file from our computer to the server account. Since we omitted the name of the remote file (after the colon),the file keeps the local computer’s file base name, i.e.
biol525D.ppub
.
- Open a command terminal. windows+r,
Option 2: Copy with cyberduck
- Open cyberduck, and connect. Navigate the file listing to your home folder (i.e.
/home/serveruser/
). This is the default when you connect. Drag the filebiol525D.ppub
from your local folder, and drop it into the cyberduck filelisting. You might be prompted for your passphrase or serverpassword.
- Open cyberduck, and connect. Navigate the file listing to your home folder (i.e.
Activate the public key on the server account
The final step is to add the public key to the special file
~/.ssh/authorized_keys
on our server account. We will connectto the server using username/password and use the toolssh-copy-id
installed there.Log in to the server with your PuTTy session. If Pageant isrunning in the system tray, you can right-click its icon, go to “Saved Sessions”and pick
b525
. You will be prompted for you account password at this point. Successful loginshould open a command prompt.- At the server prompt (
$
), we enter two commands:The first command converts the .ppub public key file from putty into the openssh format (the server runs openssh tools). The secondcommand lets ssh-copy-id deal with importing the key into
~/.ssh/authorized_keys
. You will have to enter your server password (for the last time).Note: The order of the command line arguments
-i
and-f
is sensitive. Pay attention to the order. It differs in the two commands. Make sure that you are entering the command as provided. The filebiol525D.ppub
has to match the name of the file that you have uploaded (via pscp or cyberduck) The previous set of commands will look like this, when run:
- You can close the terminal, or issue the
exit
command (e
+x
+i
+t
+enter).
You’re all done. Next time you start the saved putty session, (andyour private key is loaded in the agent), you will be logged inautomatically. This applies to all the tools in the putty suite,e.g.
pscp
andpsftp
.
Next
You’re done with this exercise. go back to Topic 1
PuTTYgen is a key generator tool for creating pairs of public and private SSH keys. It is one of the components of the open-source networking client PuTTY. Although originally written for Microsoft Windows operating system, it is now officially available for multiple operating systems including macOS, Linux. PuTTYgen.exe is the graphical tool on Windows OS. While on the other side, Linux OS has the only command-line version could be accessible using SSH commands.
- 1 Download PuTTYgen
- 1.1 Download PuTTYgen on Windows
- 1.2 Download PuTTYgen for Mac
- 1.3 Download PuTTYgen for Ubuntu/Linux
- 1.3.3 Types of Keys Supported on PuTTYgen
Puttygen aka Putty Key Generator
The key generation utility – PuTTYgen can create various public-key cryptosystems including Rivest–Shamir–Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), and Edwards-curve Digital Signature Algorithm (EdDSA) keys.
The aforementioned public-key cryptosystems principally focus on secure data transmission and digital signatures.
Although PuTTYgen collects keys in its native file format i.e. .ppk files, the keys can easily be converted to any file format. For Windows, the software interface is PuTTYgen.exe, whereas, for Linux OS the command-line adaptation is available using SSH commands.
How to use PuTTYgen?
PuTTYgen is used to generate public or private key pair for creating SSH keys. Below is the complete guidance about how to generate RSA key in the Windows operating system:
- Once you install the PuTTY on your machine, you can easily run PuTTYgen. For the same, go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen.
- You will see the PuTTY key generator dialog box on your screen
- You will find a “Generate” button in that dialog. Clicking on it will lead to generating the keys for you.
- Now you will need to add a unique key passphrase in the Key passphrase and Confirm passphrase field.
- Click on the “Save Public Key” and “Save Private Key” buttons to save your public and private keys.
- You will see the text starting with ssh-RSA in the Public key for pasting into OpenSSH authorized_keys file field which is located at the top of the window. Copy that entire text to your clipboard by pressing ctrl+c as you will require the key to paste on your clipboard in the public key tool of control panel or directly on the cloud server.
Various Ways to Use RSA Key Pair
RSA key pair generated through PuTTYgen is used in two various ways defined as below:
- To assign while creating a new cloud server
You can choose the public key from the given list of keys at the time of creating a cloud server. If you don’t find your key in that list, then first add and then assign it. - Assign to an existing cloud server
At the time of connecting to the cloud server, first of all, you need to tell PuTTY to use it for utilizing your newly created RSA key pair.
PuTTYgen being a component of the terminal emulator PuTTY does not have to be downloaded separately, hence, comes with the PuTTY .msi installation package. You can follow the simple steps to download PuTTYgen software for your system. That is the reason why you don’t need to download PuTTYgen separately. Once you download PuTTY software, you will be able to install and run PuTTYgen easily in no time. Below is the complete instruction about how to download and install PuTTY on Windows.
Apart from that, it is also integrated into third-party programs such as WinSCP installation package. Below you can find a complete PuTTYgen download and installation guide for all operating systems.
Download PuTTYgen on Windows
To download PuTTYgen the primary requisite is to acquire the copy of PuTTY installation package. For the 64-bit operating system, one must install the 64-bit version of PuTTY, i.e. putty-64bit-<version>-installer.msi.Similarly, for the 32-bit operating system, the respective 32-bit version of PuTTY, i.e. putty-<version>-installer.msi needs to be installed.
To get PuTTY, go to PuTTY Installation Download page, whereby the complete installation package will be available with setup instructions, installation guide, and download links to all other components of PuTTY such as putty.exe, pscp.exe, psftp.exe, puttytel.exe, plink.exe, pageant.exe and putty.zip.
Following the successful download of the PuTTY installation package. It is time to install the program. Go to How to install PuTTY on Windows, whereby you will find the step by step guidance for PuTTY installation for Windows operating system.
After successfully downloading and installing PuTTY on your Windows machine, you are just 2-3 clicks away to run PuTTYgen. Follow the below-given step by step guidance to run PuTTYgen:
Run PuTTYgen on Windows
To run PuTTYgen, Go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen. You will see a window for the PuTTY Key Generator on your screen.
Voila! Now you can generate public or private key pair using PuTTYgen.
Download PuTTYgen for Mac
Below is the detailed guide to download PuTTYgen on Mac operating system. Mac OS has a built-in command-line SSH client known as Terminal. To utilize it, go to Finder and then opt for Go -> utilities from the top menu. After that find the terminal which supports SSH connections to remote servers.
However, to run PuTTYgen for mac, the first one must have to install PuTTY. There are multiple ways to install PuTTY, which are Homebrew or MacPorts. Both alternatives will also install the command-line of adaptations of PuTTYgen.
Ported PuTTY for Mac
Mac has the port of PuTTY which can be installed in various ways described as below:
- Installation using Homebrew:
First, install the ‘brew command line’ Once installed use the below-given command to install PuTTY:-sudo brew install putty
- Installation using MacPorts:
First of all, one must install MacPorts and then use the command-line to install PuTTY. Here is the command to install PuTTY via MacPortssudo port install putty
Additionally, a user can also add a shortcut to the desktop by writing the following command line–cp /opt/local/bin/putty ~/Desktop/PuTTY
However, there is an alternative way to install PuTTY on Mac OS. Cyberduck is a widely used Mac OS SSH Client. Once PuTTY installed on the Mac OS, a user can convert PuTTY derived private key format to OpenSSH.
To convert the private key to standard PEM format, type the following command –
puttygen privatekey.ppk -O private-openssh -o privatekey.pem
You can also read the guide to convert .pem file to .ppk using puttygen.
Download PuTTYgen for Ubuntu/Linux
To download PuTTYgen for Ubuntu (Linux) operating system, a user to first install PuTTY. However, in some Linux distributions, the SSH key generation tool – PuTTYgen needs to be installed independently from the PuTTY client.
For example, Debian Linux requires the below-given code to install PuTTYgen:
sudo apt install putty-tools
Generate Key Pair for Authentication in Linux
To create the key pair for authentication in Linux use the below command:-
puttygen -t rsa -b 2048 -C 'user@host' -o keyfile.ppk
Various Command Line Options of PuTTY in Linux
Below are few important command line options in the Linux operating system for PuTTY:
Symmetric Key
PuTTYgen [-t keytype [-b bits] [-q] | keyfile]
[-C new-comment] [-P]
[-O output-type | -p | -l | -L]
[-o output-file]
Options:
- Keyfile – It is the name of the existing key file to read at the time of changing the current key.
- –t keytype – The command specifies the type of key to creating. Its acceptable values are RSA and dsa.rsa1.
- -b bits – This command specifies a total number of bit in a particular key. 1024 is the perfect size for DSA key, while 2048 or 4096 are the perfect size for RSA keys.
- –q – The command suppresses the message about progress at the time of key generation.
- -C new-comment – The command will specify the comment to describe the key. It can be used for the new and/or existing key. Key operation is not affected by a comment. However, it is used to recognize the key owner, it’s not reliable completely as any value can be applied to it.
- –P – Using the command will update the passphrase of a key. Passphrase helps to encrypt the private key. As passphrase can’t add or update on a command line, it prompts a new passphrase tool to alter it.
- –old-passphrase-file – The old password of the key remains in this file. The command is used when the key is protected by a passphrase.
- –new-passphrase file – This command prompts the new passphrase of the key. It comes in the action either at the time of generating a new key or while applying –P command to change the passphrase.
- -O output-type – This command defines what to give in output. By default, the private key is the output.
Thus, above are the prominent commands of PuTTYgen in Linux operating system. Besides that, there are many other commands available to perform various tasks from the command prompt in Linux at flank speed.
Types of Keys Supported on PuTTYgen
It is important to know the types of key PuTTYgen supports prior to using it. Below are the key types that it currently supports for SSH-2 and SSH-1 protocol:-
Generate Public Key In Cyberduck Free
Public Key Example
- SSH-1 protocol:- For SSH-1 only supports one key i.e. Rivest–Shamir–Adleman (RSA)
- SSH-2 protocol: – SSH-2 supports multiple key types that include – Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA) and Ed25519.
Generate Public Key In Cyberduck Key
The above description is a detailed brief on downloading and running PuTTYgen on all major operating systems. For further details please check the Download PuTTY page.