I log into my various home Linux servers a lot (I know, geek, right?), so being able to auto log in to the servers helps a lot. Having a weak password or trying to disable password logins entirely is dangerous and insecure. After just a little setup, you can easily do it safely.
This assumes you are using SSH. If you are using Telnet to remotely manage your server, stop now and uninstall Telnet. Telnet sends all of your data, including password in plain text.
Most of these instructions were taken from: http://www.howtoforge.com/ssh_key_based_logins_putty, however I do deviate a little bit as I keep the key bits at 2048. I also don’t have all of the pretty screenshots.
At a certain point you will be asked to make a passphrase (password) for your private key. You can choose not to, however that means anyone can use the keys if they get a hold of them. If you do use a passphrase which is way more secure, when you log in, you will still have to enter a password. There is another program that can be used to store and use the password automatically however on the Windows side called Pageant. Since I’m in a private network with not a lot of outside access, I do it without. I like to live dangerously.
- Download PuTTY and PuTTYGen (Pageant too if you want to use a passphrase with your key).
- Create a profile with the server IP Address, make sure to choose SSH as the protocol. Also in Connection -> Data, specify the user to auto log in as.
- Be sure to save the profile after changes are made, it doesn’t do it automatically!
- Connect to the server. If it is the first time, it will ask to accept the servers host key. Press Yes.
- Open PuTTYGen
- Click “Generate” to generate a key. Move the mouse around the blank area to make it really random.
- After generation, it provides a few more fields. You can change the comment if you would like. Since I’m the only one who uses my personal network, I kept everything default.
- Create the passphrase if you have chosen to go that route.
- Click on “Save private key” and “Save public key” to save them both somewhere safe and where PuTTY can get to them. The public key must end in .txt and the private key must end in .ppk.
For example, I created a folder called “Keys”; in my c:\users\username directory and save them both there.
Highlight and copy the entire key (remember to scroll down/drag down if needed). You can also open the text file and copy from there.
In your home directory (~), create a .ssh directory and change permissions to secure the directory:
mkdir ~/.ssh chmod 700 ~/.ssh
Now create a new file to paste your public key in, then change permissions to secure the key:
vi ~/.ssh/authorized_keys2 chmod 600 authorized_keys2
Note: The file should look similar to below, one line only (just wrapped):
ssh-rsa AACAB3NzC[............]HmYqsZLTdiGlQ4tqKTaRuGbQ== rsa-key-20141004
Quick vi how-to:
- Press i (or insert key) to start insert mode.
- Right click in the PuTTY window to paste.
- Press ESC key to exit insert mode.
- Press : (colon) to enter command mode.
- Type wg to both write and quit.
Back to Windows:
- Close out your putty session (The exit command in Ubuntu will close your session on the server and exit PuTTY).
- Re-launch PuTTY and load the profile made earlier, but don’t connect.
- Go over to Connection -> SSH -> Auth and browse for your private key.
- Remember to go back to “Session” and click Save!
- Now click Open and you should log in automatically!
If you decided to use a pass phrase, you can use Pageant (part of the PuTTY suite) to provide the passphrase automatically. Pageant runs in the tray and waits to enter the passphrase when requested. For setup, just open Pageant and click “Add Key”. Browse to the same private key and enter the passphrase.