Thursday, February 11, 2016

Passwordless SSH Login

There comes a time when you're managing so many servers, typing in a password every time you log on, and the passwords keep changing, and you think: wouldn't it be nice if you could log on to all your hosts securely without typing in passwords?

With SSH keys you can. Basically, you use a key generator to generate a key pair: a public key and a private key. The public key is copied to and installed on the remote host. The private key stays on your local client. You then configure your SSH client to use public-key authentication, based on your private key, instead of passwords. As passwords are never sent across the network, this method is more secure (and convenient).

On Linux systems, you'd be generating the keypair using ssh-keygen. On Windows, I used PuTTYgen. By default, PuTTYgen will save the private key using its native format. There is an option to export the private key in OpenSSH and ssh.com formats though, so they can be used with other applications. I tried the OpenSSH private key generated by PuTTYgen, and it does work with another SSH client like SecureCRT.

On SecureCRT, go to Options --> Global Options. Click on SSH2, then under "Public key", select "Use identity or certificate file", and enter the file location of your private key. To start using public-key authentication, go to the session's properties. Under SSH2, move PublicKey up so that it is the first authentication method. (Interestingly, the PuTTY private key works with SecureCRT v7.x, but not with v6.x. Go figure.)

For PuTTY, load your saved session, then go to Connection --> SSH --> Auth. Configure "Private key file for authentication", then save your session. Obviously, you have to do this for all your saved sessions.

SecureCRT also has the capability to generate SSH keypairs (under Tools). The key generation wizard gives you the option of two private-key formats: VanDyke Private Key format or OpenSSH Key format. If you plan to use the OpenSSH private key generated by SecureCRT with PuTTY, you'll have to convert this first to the proprietary PPK format using PuTTYgen.
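
The server-side step ("the public key is copied/installed on the remote host") is where setups most often fail silently, so here is an added example, not part of the original post, of installing a key into authorized_keys with the permissions sshd expects. The function names install_pubkey and demo_install are hypothetical, and the key in the demo is a constructed, non-functional sample.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the remote host.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() (
    pubkey_file=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth_file=$ssh_dir/authorized_keys

    # An OpenSSH .pub file is one line: "<type> <base64> [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" 2>/dev/null | head -n 1)

    # Reject anything else: a private key, or the multi-line
    # "---- BEGIN SSH2 PUBLIC KEY ----" file from PuTTYgen's "Save public key".
    case $key_line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a one-line OpenSSH public key: $pubkey_file" >&2; exit 1 ;;
    esac

    # sshd (StrictModes, on by default) ignores keys when these are
    # group- or world-writable, so create them owner-only.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Append only if this exact line is not already present (safe to re-run).
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
)

# Demo on a throwaway directory with a constructed (non-functional) key.
demo_install() {
    tmp_home=$(mktemp -d)
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal demo@client' > "$tmp_home/id.pub"
    install_pubkey "$tmp_home/id.pub" "$tmp_home"
    install_pubkey "$tmp_home/id.pub" "$tmp_home"   # second run must not duplicate
    wc -l < "$tmp_home/.ssh/authorized_keys" | tr -d ' '
    rm -rf "$tmp_home"
}
```

With PuTTYgen, the line to install is the one shown in the "Public key for pasting into OpenSSH authorized_keys file" box, not the file written by "Save public key".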
