PuTTY at VTC

These instructions are incomplete in the sense that some of the supporting configuration files have not been created or updated for lemuria. Watch this space for updates; when the files are ready they will be posted here.


Introduction

PuTTY is a simple, easy to use SSH client for Windows. It is the client the CIS department recommends for accessing college Linux machines. The purpose of this document is to describe specifically how to use PuTTY on the lab machines at VTC to access lemuria via public/private key authentication.

PuTTY's main advantage over other SSH clients is that it is a very small program that can be stored pretty much anywhere. Thus you can put it in your home directory on the Windows file server and have access to it from every lab on campus. You can also copy PuTTY to a flash drive and use it from those locations without any problems.

PuTTY is also fairly easy to configure and use. Although it lacks some of the features available in advanced terminal emulators, you should find PuTTY quite adequate for ordinary, day-to-day use.


Installation

To simplify the installation of PuTTY, we have prepared a custom archive that contains PuTTY, the PuTTY tools, and several files containing configuration information for the VTC network. Download the custom archive and store it on your M: drive. In addition, download the custom setup program and also store it our your M: drive.

Navigate to the M: drive using Explorer and double click on PuTTY-Setup.bat. Follow the instructions. Once the installation is complete you can delete the two files you downloaded: PuTTY-VTC.zip, and PuTTY-Setup.bat

What PuTTY-Setup Does

The setup program creates a folder named PuTTY on your M: drive and stores a number of files in that folder. These files include

The files above are part of the normal PuTTY distribution. However, you will also find a few additional files that we have added.


Installing your Key

When your account on lemuria was created, the system administrator generated a public/private key pair for you and assigned a pass phrase to the private key (the private key is encrypted with the pass phrase). The administrator then installed the public key in your home directory on the Linux host and distributed the private key (in a file) to you. Specifically you should have received the following information from the lemuria administrator:

Store all the files you received on your Windows server home directory in the M:\PuTTY folder. Then do the following:

  1. Using Explorer, navigate to M:\PuTTY and double click onPUTTYGEN. This is a key management tool for PuTTY.

  2. Select 'Conversions|Import key' from the menu. In the file selection dialog box that appears, select id_dsa and load that file into PUTTYGEN. You will be prompted for the passphrase.

  3. Erase the 'Key comment' text entry field (it should initially say "imported-openssh-key") and replace it with a comment that is more appropriate. We suggest "Lemuria access key." This comment will be used by PuTTY to identify which key it is using.

  4. Erase the 'Key passphrase' and 'Confirm passphrase' text entry fields and replace them with a passphrase of your choosing. You should choose a relatively 2long passphrase consisting of multiple words, maybe with some words spelled incorrectly. Also include some punctuation marks, perhaps in strange locations. The pass phrase should be an easy to remember nonsense sentence. Do not forget your passphrase!.

  5. Click on 'Save private key.' Specify the name of the output file as id_dsa.ppk.

You only need to execute the steps above once. They convert the private key file you were given from OpenSSH format to PuTTY format. Once the file has been converted it won't need to be converted again unless you change your keys.

Configuring the Client System

Before you can use PuTTY on a particular machine, you need to configure your Windows account on that machine. To do this, navigate to M:\PuTTY and double click on Client-Setup.bat. Follow any instructions that appear.

Using PuTTY

To use PuTTY to connect to lemuria, navigate to M:\PuTTY and double click on PUTTY.EXE. In the dialog box that appears double click on the saved session named "lemuria." You will be asked for your user name on lemuria. You will then be asked for the pass phrase for your private key. After entering this information, you should be logged into lemuria normally.


What's the Point?

Using public/private key authentication with SSH seems very annoying. Why bother? There are several excellent reasons.


Tricks and Tips

Using the PuTTY SSH Agent

If you will be using one particular machine for a long time (for example your personal machine), you may find it handy to run the SSH Agent program on that machine. This program holds your private key and makes it available to PuTTY on demand. Thus once the agent is running you no longer have to enter your pass phrase to gain access to the remote system.

  1. Navigate to M:\PuTTY and double click on PAGENT.EXE to start the agent. Look for the program as an icon of a computer wearing a hat in the system tray at the lower right corner of your screen.

  2. Right-click on the agent icon and select 'Add key' from the pop-up menu. Browse to M:\PuTTY\id_dsa.ppk in the file selection dialog box that appears and load that file into the agent. You will be asked for the pass phrase.

  3. Now when you connect to a host with PuTTY, you only need to provide your user name on the host. PuTTY will pick up the private key that it needs from the agent.

Updating the *.reg Files

If you want to change the configuration of PuTTY you can do so in the initial configuration dialog box. First select the saved session you want to change and click 'Load.' Make whatever changes you want, and then click 'Save' to write those new changes into your registry.

Click on the 'Start' menu on your Windows system and select 'Run.' In the dialog box that appears, enter 'regedit' (no quotes) and click on 'OK' to run the registry editor.

Open the registry key HKEY_CURRENT_USER\Software\Simon Tatham\PuTTY\Sessions. Right-click on the session you want to update and select 'Export' from the pop-up menu that appears.

Browse to the appropriate *.reg file and overwrite it with the new configuration information.

Configuring Another Linux System

If you want to use public/private key authentication you can simply copy the id_dsa.pub file to the remote Linux system and append it to the file ~/.ssh/authorized_keys. If the authorized_keys file does not exist, just rename id_dsa.pub to authorized_keys. Next, create a new PuTTY session for the additional Linux host, making sure to specify your private key file, M:\PuTTY\id_dsa.ppk, as the authentication key.

That's it!

Transferring Files

If you want to transfer files from your Windows system to lemuria, you can do so using PuTTY's secure FTP program.

  1. Navigate to M:\PuTTY and double click on the PSFTP.EXE program.

  2. In the console that appears, type open lemuria.cis.vtc.edu to specify the name of the host to which you want to connect. Problem: SFTP.EXE does not appear to use PuTTY's saved sessions and hence doesn't know about the location of the private key file.

  3. You can now use conventional FTP commands to put and get files from lemuria. The files will be transferred to/from M:\PuTTY by default.


© Copyright 2007 by Peter C. Chapin.
Last Revised: August 14, 2007