Windows SSH Key Generation

by throwe — last modified Jun 05, 2008 11:28 AM
Contributors: John DeStefano
Follow the steps indicated to generate and use an SSH keypair under Windows using the PuTTY set of programs.

The PuTTYgen program is used to generate a public/private key pair under Windows and will generate a 1024-bit RSA key by default. PuTTY programs are available from Simon Tatham.

Generate A New Key Pair

  1. On the desktop machine or laptop that you will be using to log in to the RACF, from the PuTTY submenu in the Start menu, open the PuTTYgen program.
    [Image: PuTTY Key Generator]
  2. Using the defaults, click the Generate button, and then move your mouse around in the space above the Generate button.
  3. When the key pair generation has completed, you will see a result similar to the following image, with both the Save public key and Save private key buttons now active. If desired, you can change the value of the Key comment: field.
    [Image: PuTTY Key Generator Results]
  4. Enter a passphrase in both the Key passphrase and Confirm passphrase fields.
    [Image: PuTTY Key Generator Passphrase]
  5. To save your new keys, click the Save public key and Save private key buttons.
    The default save location for both files is the folder just above your My Documents folder, and your private key will have the file extension .ppk.
    Keep this window open so that you can copy and paste the key fingerprint later in the procedure.
  6. To upload your key file, browse to:
    https://web.racf.bnl.gov/Facility/SshKeys/UploadSshKey.php
    In order to view the form, you will be prompted for your Kerberos user name and password.
  7. Click the Browse button, and in the dialog box, navigate to your ~/.ssh directory (or the directory in which your public key file is stored).
    The dialog box will likely open in the default location for the key files. If not, you will need to navigate to the appropriate folder. Once in the correct folder, select the public key file, and click Open.
  8. Copy and paste your public key fingerprint from the Key fingerprint: field of the PuTTY Key Generator into the second box in the form, or type it manually into the dialog box. The fingerprint consists of 16 two-digit hexadecimal numbers separated by colons (:).
  9. To upload your key file, click the Send File button.
  10. You can now log in to one of the gateway machines using SSH keys. You will be prompted for the passphrase for your private key during the login process. The passphrase will not leave your local machine.
  11. To obtain your Kerberos and AFS credentials, once you have logged into a gateway machine, enter the command:
    kinit -5 -4 -l 7d

    where the third argument is a lower case L, exactly as specified.
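
The fingerprint pasted into the upload form can be cross-checked against the saved public key file outside PuTTYgen. The following is an added example, not part of the original page or of RACF tooling: it recomputes the 16 colon-separated hex pairs (the MD5 digest of the binary public key blob) from either the format written by Save public key (RFC 4716) or the OpenSSH one-line format, and reports the RSA modulus size. The function names are this example's own, and the sample key is constructed and not usable.

```python
import base64
import hashlib
import struct

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def load_blob(text):
    """Return the binary public key blob from RFC 4716 or OpenSSH one-line text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            if in_header or ":" in line:  # header line, possibly continued with "\"
                in_header = line.endswith("\\")
                continue
            body.append(line)
        return base64.b64decode("".join(body), validate=True)
    return base64.b64decode(lines[0].split()[1], validate=True)

def describe(text):
    """Return (key type, RSA modulus bits or None, MD5 fingerprint)."""
    blob = load_blob(text)
    ktype, off = _read_string(blob, 0)
    bits = None
    if ktype == b"ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent
        n, off = _read_string(blob, off)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
    hexd = hashlib.md5(blob).hexdigest()
    return ktype.decode(), bits, ":".join(hexd[i:i + 2] for i in range(0, 32, 2))

# Constructed sample (not a usable key): e = 65537, n = 2**1023 + 1.
def _s(b): return struct.pack(">I", len(b)) + b
SAMPLE_BLOB = (_s(b"ssh-rsa") + _s(b"\x01\x00\x01")
               + _s(b"\x00\x80" + b"\x00" * 126 + b"\x01"))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_OPENSSH = "ssh-rsa " + _b64 + " constructed-example"
SAMPLE_RFC4716 = "\n".join(
    ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed-example"']
    + [_b64[i:i + 64] for i in range(0, len(_b64), 64)] + ["---- END SSH2 PUBLIC KEY ----"])
if __name__ == "__main__":
    print(describe(SAMPLE_RFC4716))
```

To check a real key, pass the contents of the saved public key file to describe() and compare the result with the Key fingerprint: field.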

Using an Existing Key Pair

  1. To load an existing key into the PuTTY Key Generator, and to obtain the fingerprint of an existing public key, click on the Load button. The window will now appear similar to the image below:
    [Image: PuTTY Key Generator Passphrase]
  2. Proceed to upload your key as specified above.

Use an Existing Linux Key Pair on a Windows Machine

  1. If you have already uploaded a Linux public key to LDAP, you can use the same private key on your Windows machine by copying the Linux private key to your Windows machine, and converting the key to PuTTY format.
  2. After copying the private key to your Windows machine, launch the PuTTY Key Generator, and from the Conversions menu, choose Import.
    [Image: PuTTY Key Generator]
  3. In the dialog box, browse to and select the private key file. As the file is imported, you will be prompted to enter its passphrase.
  4. After importing the key, to save it in .ppk format and use it on your Windows machine, click Save private key.
  5. It may be necessary to convert your public key as well: to do so, click Save public key.

 

Use an Existing Windows Key Pair on a Linux Machine

  1. To use a key that was generated in Windows on a Linux machine, from the PuTTY Key Generator's Conversions menu, choose Export OpenSSH Key, and then copy the resulting files into the .ssh directory of the Linux machine.

For More Information

For additional information on using SSH keys with PuTTY, see:
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html
