User avatar
Nfarrow
Posts: 47
Joined: Sat Dec 20, 2014 1:24 am
Location: Oklahoma, USA
Contact: Website Facebook Twitter YouTube

Creating SSH Keys in Windows Tutorial

Wed Jan 20, 2016 8:51 am

Here are some steps on how to create SSH keys rather than using a password.
Watch this Youtube video if you don't like to read. https://www.youtube.com/watch?v=1OEXs_u ... e=youtu.be

In this Tutorial you get to learn how to generate ssh keys using puTTYgen and how to launch puTTY using batch.

Step 1
Download
puTTY & puTTYgen from http://www.chiark.greenend.org.uk/~sgta ... nload.html
WinPuttyHelper from https://github.com/VeggieVampire/WinPuttyHelper

Step 2
Login to your Pi.
run

Code: Select all

mkdir -p .ssh; touch .ssh/authorized_keys
logout

Step 3
Run puTTYgen to generating a new key.
You need to select which type of key you want to generate, and also select the strength of the key.
Then press the Generate button, to actually generate the key.
Once you have generated the key, select a comment field and a passphrase. if you want to type a passphrase every time( I don't)
Now you’re ready to save the private key to disk; press the Save private key button. (it should end in ppk)
Under Key you should see a lot of random text. Right click and "select all" and "Copy" it into your buffer.

Step 4
Login to your Pi.
Navigate into your account home directory.
Once there, we are going to echo the key into your authorized_keys file.
Run

Code: Select all

echo "YOUR VERY VERY  LONG KEY" >> .ssh/authorized_keys 
Your key pair is now ready for use.

Step 5
Open the WinPuttyHelper.rar file.
copy post_login_cmds.txt & setup.bat
run

Code: Select all

setup.bat
After setup is completed you can remove "-m post_login_cmds.txt" from the bat file it generates and it will auto login without loggin out of your server.



Why is using SSH key more secure than using passwords?
SSH keys are long and complex, far more than any password could be. But they don't expire, and they sit on a disk where they can be stolen from. On the other hand, they don't get transmitted to the remote system (except key forwarding, use Sneakernet ) which passwords need to be. Passwords are generally, predictably, unavoidably weak. While it is possible to have strong passwords, time and again it has been shown that people will use weak passwords and have poor password practices... short, simple, word-based, simple patterns ("[email protected]!"), write them down, use them on multiple sites, base them on their phone number, their children's birthdate, their own name. You point out that keys don't expire, but why do passwords expire? To ensure that a brute-force attack is less likely to crack a password before it's been replaced. Not an issue that impacts keys.And, bad passwords aside, even "good" passwords are vulnerable to brute-force (online or offline) under the right conditions. They have to get transmitted to the other system, or to any other place that the user can be fooled into sending them by mistake.The balance of evidence strongly suggests that passwords are weaker and keys are stronger. - gowenfawr http://security.stackexchange.com/quest ... -passwords
Twitter: @farrownick
Instagram veggievampire
I own a lot of Pis....

Bardly
Posts: 11
Joined: Fri Mar 08, 2019 12:13 pm

Re: Creating SSH Keys in Windows Tutorial

Fri Mar 08, 2019 7:09 pm

Hi, When I get to the end with the setup.bat I go through everything but I never get Putty opening and running the $USER commands, I'm not sure why that's happening, any insights?

Edit: It was because the Putty.exe was in C:\Program Files. Took it out of there and everything worked as it should

Thanks

CanteoCantineo
Posts: 3
Joined: Mon Mar 25, 2019 3:27 pm
Contact: Website Twitter

Re: Creating SSH Keys in Windows Tutorial

Mon Mar 25, 2019 3:37 pm

Hi!

I have never used Putty before.
I have always worked with SmartTTY for creating SSH conections.

Do you know if is possible to create the SSH conections with this other tool?

Return to “Teaching and learning resources”