At my day job I’m pretty much trapped all day in front of either a Windows PC Desktop or a Windows PC Laptop shelled into lots and lots of UNIX systems. So I’m forced to use PuTTY for all my shelling and terminal needs. We have roughly 60+ systems that we have to login to on a day to day basis, so maintaining all of this within PuTTY’s little dialog box can be a bit trying. Not to mention having to scroll through the PuTTY window every time I want to login to yet another UNIX system. So here are some tips on how I manage to do all this.

Getting Started

The first thing I usually do, after installing PuTTY, is install an addon to PuTTY called, PuTTY Session Manager

PuTTY Session Manager (PSM) is a tool that allows system administrators to organize their PuTTY sessions into folders and assign hot keys to their favorite sessions. This is designed for MS Windows and requires the .NET 2.0 Run time.

Session Management Window

Generate a Public/Private Key Pair in PuTTY

Now we’re going to set PSM aside for a minute and we’re going to setup a public/private SSH key pair. This key pair will give PuTTY the ability to login to hosts without having to provide your UNIX password every time, but do it in a manner that doesn’t force you to expose passwords in an unsafe way.

PuTTY’s key management is handled by 2 tools, PuTTYgen & Pageant. PuTTYgen manages the creation and overall management of keys, while Pageant is an SSH authentication agent, that holds your private keys in memory, already decoded, so that you can use them without having to re-type passphrases over and over.

Here is a full list of all of PuTTY’s tools:

PuTTY Utilities

To start PuTTYgen, launch the executable puttygen.exe, and do the following:

• set the type of key to generate to SSH-2 RSA
• set the number of bits in a generated key to 2048
• click the Generate button

Now you need to move your mouse around within the PuTTYgen dialog box to create a stream of random data that PuTTYgen will use to create a random set of keys. After doing this monkey dance for a bit your dialog should look like this:

Generated Key

Now comes the tricky part. You need to save this key into a couple of different formats:

• private key
• public key
• openssh key
• authorized key

Granted you only really need 2 of these 4 key files, i.e. private key & authorized key, but it’s generally easier to just save all the files now, rather than try and come back and do them later.

I’m going to label the keys using a number thusly:

• 1 = private key
• 2 = public key
• 3 = openssh key
• 4 = authorized key

I usually generate a separate set of keys per computer, in case I need to revoke the key later on. In my example that follows, I generated a set of keys for my laptop, a dell D620. To help make it easier to manage the key sets, I usually mix in bits of info about the hardware just to make it easier to keep straight which set of key files goes with what.

4 Key Files

In case it isn’t obvious, the format of my key file naming convention starts out like this:

<machine name/type> _id_ <rsa|dsa> _ <version #>

So in this example, the base portion of the name of each of the 4 files would be dell_d620_laptop_id_rsa_1. This tells me:

• which system the keys belong to (i.e. the dell d620 laptop)
• the key is of type rsa
• and the 1 suffix tells me this is the first key I’ve ever generated for this particular system.

NOTE: The suffix would become a 2, for e.g. if I needed to revoke/replace the 1 set of keys.

Now back to the PuTTYgen app. You can generate the key files (1-3) in the above screenshot by clicking the appropriate buttons or using the appropriate pull-down as in the following screenshot:

Saving the Key Files (1-3)

The 4th key, authorized key, is a little trickier to get. You have to select all the text in PuTTYgen’s main dialog window and paste it manually into a text file. Here’s a screenshot of the text being selected, and copied.

Contents of the 4th Key File Being Selected & Copied

I then usually go into Window’s File Explorer and manually create a new text file, and then name it according to my naming convention above, i.e. dell_d620_laptop_id_rsa_1_authorized_key.pub. I then open the file in wordpad/notepad and paste the contents from PuTTYgen into this file. When you’re done the file should look similar to the one in the following 2 screenshots.

Authorized Key File 1/2

Authorized Key File 2/2

At this point you’re done with PuTTYgen so you can go ahead and close it. Again you should have the following 4 key files.

4 Key Files

Setting up PuTTY Session Manager

Next you need to launch PSM, by double clicking its icon:

You most likely will be presented with PSM’s Option dialog box, and the General Tab should be selected. Make your General Tab look like this one:

PSM’s Option Dialog (General Tab)

Also make sure that the location of PuTTY is configured properly, by clicking the Locate putty.exe button. When your done move to the Pageant Tab by clicking it.

PSM’s Option Dialog (Pageant Tab)

Again make your Pageant Tab look like the one in the above screenshot. Double check the location of pageant.exe by clicking the Locate button. Additionally go ahead and click the Add key button, and add the private key that you created previously, i.e. the dell_d620_laptop_id_rsa_1.ppk file. Finally go ahead and launch Pageant via the Launch Now button.

You should now have 2 new icons in your notification area on the taskbar, like this:

PSM & Pageant in the Notification Area of the Taskbar

The Pageant icon looks like this:

and the PSM icon looks like this:

Double clicking on the Pageant icon will bring you to Pageant’s Key List dialog. From here you can add/remove private key files that you want to have Pageant manage.

Now right click on PSM’s icon. Through this icon you can launch shells or add new hosts to PuTTY. For example, you can launch a PuTTY shell by navigating to the Load Session menu item, as in the following 2 screenshots:

Right Clicking Icon 1/2

Right Clicking Icon 2/2

If you want to see PSM’s Tree View, then double click on its notification icon with the left mouse button. Doing this will show you a view similar to this screenshot:

Left Clicking Icon

I usually use this dialog, Tree View, to create groups to help organize my hosts. One unusual thing with PSM is that you can’t create an empty group. So I usually make sure that I have at least one host created for each group that I’m going to want to create. I then put one of these hosts into the new group, and then go on to create & add more hosts to the group once it’s created.

Setting up authorized_keys File on UNIX Hosts

There is one final piece that needs to be taken care of so that automated logins works. You need to make sure that there’s a .ssh directory on the UNIX host that your logging into. The .ssh directory should exist in the home directory of what ever user your logging in as. So, for example, I have a UNIX account called user1. Its home directory is located at: /home/user1. So the .ssh directory should exist here: /home/user1/.ssh.

1
2
3
4
5
6
7
8
9

# example .ssh directory
% tree ~/.ssh
/home/user1/.ssh
|-- authorized_keys
|-- id_dsa
|-- id_dsa.pub
`-- known_hosts
 
0 directories, 4 files

The only must have file in this directory is the authorized_keys file. This file contains the string that we pasted into the file dell_d620_laptop_id_1_authorized_key.pub. The intent of authorized_keys, is to maintain a list of all the keys that are allowed to be used by user1 on a given UNIX system, so make sure you don’t just overwrite it with your dell_d620_laptop_id_1_authorized_key.pub file!

ONE FINAL NOTE: It’s critical that the permissions are correct on both the ~/.ssh directory and the authorized_keys file. They should be exactly like this:

1
2
3
4
5
6
7

# ~/.ssh permissions
% ls -la ~ | grep .ssh
drwx------   2 user1  user        4096 Apr 17 21:40 .ssh
 
# ~/.ssh/authorized_keys permissions
% ls -la ~/.ssh | grep authorized
-rw-r--r--  1 user1 user  612 Mar 23 00:48 authorized_keys

Transferring Your Setup to Other Computers

Once everything is in place and you’ve organized all your login info with PSM, how do you copy it to another Windows PC so you don’t have to recreate it? Surprisingly there is no configuration file that PSM maintains with all your customizations. They’re stored in Windows registry keys. So to copy your PuTTY + PSM setup to other computers, you can use this tip that I found over on antonperez.com

1

regedit /e "%userprofile%\desktop\putty-registry.reg" HKEY_CURRENT_USER\Software\Simontatham

Once this command completes you’ll need to copy the generated file, putty-registry.reg, to another system and double click the file to install it into the 2nd system’s registry.

Closing Thoughts

I realize this is a fairly long post, and I think it highlights how unnecessarily complex Windows, with its GUIs, makes something more than it needs to be. Doing everything I did here from the command line with some shell aliases would’ve taken up probably a quarter of the space that this post took, and arguably would’ve been a better solution. But if you’re in the unfortunate situation of having to use a Windows Desktop, this solution helps get the awkwardness of Windows out of the way so that you can focus on what’s important, maintaining all those UNIX systems 8-).