Authentication with keys in Putty

Password is enough, isn’t it?

Lazy people are supposed to be the most productive. That’s probably not true for everyone. I’m sure a certain amount of due diligence is part of it. So if, like me, you’re annoyed by every job where you have to do exactly the same thing more than twice, you’ll look for a way to automate such work steps. The possibilities of the Unix world are exemplary here.

While working with the RevPi I was annoyed after a short time by having to enter the password in Putty again and again. At least for experimental use, you can make your work much easier here by storing a key instead of a password.

Generating The Keys

Putty comes with a small tool called puttygen, which is responsible for key generation. For my current work I left the default settings (RSA and 2048Bit). For security issues in the experimental stage these are more than enough. Just click on Generate and, as you can read, fiddle around a bit with the mouse. Moving the mouse creates entropy from the PC’s point of view and contributes to good keys.

Screenshot of PuTTY Key Generator (puttygen) while creating a new key pair

After the key was created, I connected to the RevPi and created a new file for the keys with nano ~/.ssh/authorized_keys2. I copied the public key from puttygen into it. This works by selecting the public key in puttygen (the contents of the box under “Public key for pasting into OpenSSH authorized_keys file:“) and right-clicking and copying it.

Screenshot of PuTTY Key Generator showing the new public key for clipboard copy

In Putty (with the nano open), simply right-click in the text area. Exit nano with Ctrl-X and answer the question for saving with “y”.

Screenshot of editor nano, in which the new public key is inserted

After the public key is stored on the RevPi, the private key must still find its way into Putty. The private key can be secured with a passphrase. From a security point of view this is definitely recommended. For experimental operation, a password is usually not necessary. After all, I don’t want to have to deal with that annoying password.

On the PC I created a directory .ssh analogous to the RevPi and saved the key there by Save private key. puttygen considers a private key without passphrase to be questionable and therefore asks again if you really want to save the key without passphrase, which I of course answered with Yes. I named the key revpi_connect_<serial number> to keep the overview when using several RevPis. However, both the directory and the file name can be chosen freely.

Setting Up Putty

First of all the current SSH session should be terminated and Putty should be started again. Select configuration (or set it up if not already done). Then enter “pi” under Data > Auto-login > Auto-login username.

Screenshot of PuTTY Configuration showing where to type in the Auto-login username

Click on Browse in SSH > Auth and select the private-key.

Screenshot of PuTTY Configuration showing where to set up the private key

Do not forget to save, so back to Session and Save. Now the session can be opened as usual and no username or password should be requested anymore.

Operating Putty via command line

Putty can also be controlled via the command line. So if clicking around all the time is too annoying or e.g. you want to include the dial-in in a script you can start a session with putty -load <session-name>. Alternatively Putty can be called directly with the parameters for configuration: putty -i <Path to private key>\<private key.ppk> pi@192.168.178.32. If the path or the file name contains spaces, put it in quotation marks (“”).

If the directory in which the key is located is synchronized with OneDrive – as in my case – make sure the path is correct. This would be something like C:\Users\<user>\OneDrive – <xyz>\<Path to private key>\private key.ppk. This is where Windows tricked me for a while, because the folders for documents etc. are usually located directly under “C:\Users\<user>\…”. The ways of Microsoft are quite unfathomable…