SSH Hop with Key Forwarding from Windows - A Guide

Simplifying SSH Key Management on Windows
Encountering difficulties when working with SSH keys from a Windows environment is a common experience.
The process can quickly become cumbersome for many users.
Leveraging the PuTTY Suite for Seamless Integration
HowToGeek (HTG) provides a comprehensive guide detailing methods to streamline SSH key operations on Windows.
Their approach centers around utilizing the versatile PuTTY package suite.
This suite offers tools designed to make the process more manageable and user-friendly.
Benefits of Using PuTTY
- Enhanced transparency in key generation and usage.
- Simplified key management compared to native Windows tools.
- A robust set of utilities for various SSH-related tasks.
By following HTG’s instructions, users can achieve a more efficient workflow when connecting to remote servers via SSH from Windows.
The article aims to reduce the friction often associated with SSH key authentication on this operating system.
Establishing Secure Shell Connections from Windows
This guide details the process of connecting to a Linux system from a Windows environment using SSH and your public key. We will utilize PuTTY and WinSCP for this purpose. Furthermore, we will configure agent forwarding, so that your key follows you from one host to the next.
This capability allows seamless transitions from the initially connected machine, secured by your key, to additional machines that also support key-based SSH authentication. It's assumed that you have already successfully placed your public key on the target Linux server; this procedure is not revisited here.
Essential Software Installation
To begin, ensure you have the necessary software installed on your Windows system.
- Download and install the complete PuTTY package, rather than solely the executable file.
- Consider installing WinSCP and mRemote as optional, but beneficial, tools.
PuTTY provides the SSH client functionality, while WinSCP offers a graphical file transfer interface. mRemote is a connection manager that can streamline access to multiple servers.
Installing the full PuTTY package is important as it includes supporting utilities like puttygen, which is useful for managing SSH keys.
Creating a Key Pair
If a key pair has not yet been established, and you prefer to generate it directly from your Windows computer, the "PuTTY Key Generator" – included with the "PuTTY package" – can be utilized.
- Launch "PuTTY Key Generator" by navigating through the "Start" menu to "PuTTY" and then selecting "PuTTYgen".
- Increasing the key length beyond the default of 1024 bits is advisable. Adjust the "bits" value at the bottom of the window from "1024" to "4096".
- Initiate key generation by clicking "Generate" and moving your mouse cursor in a random pattern until the progress bar reaches completion. This process, referred to here as "salting," feeds your mouse movements to the key generator as a source of randomness; therefore, maximize the randomness of your mouse movements.

After the key generation process is finished, proceed to the next step.

Should you already possess a saved private key, you can retrieve the public key component by loading the existing key into the generator using the "load" function.
Utilizing the Key-quartermaster: Pageant Configuration
The Pageant program, included with the PuTTY installation, functions as a key storage solution. It provides your keys to applications like mRemote, WinSCP, and PuTTY as needed, streamlining secure connections.
- Launch Pageant from the Start menu. It may minimize to the system tray upon execution.
- Should it reside in the system tray, double-click its icon to reveal the main window.
- Select "Add Key" and locate your saved Key Pair file.
- If prompted, enter the corresponding passphrase.
Once completed, PuTTY, WinSCP, and any applications utilizing them as a front-end – such as mRemote – will automatically consult Pageant for available keys during connection attempts.
Automated Key Loading at System Startup (Optional)
The steps above must be repeated after every system reboot, because Pageant does not retain the keys it has loaded. To load them automatically at startup, consider one of the following approaches:
- If Pageant has established an association with the .ppk file extension, simply adding the key files to the Windows "Startup" folder may suffice.
- Create a shortcut to the program, incorporating the key files as parameters. For instance, a shortcut targeting two keys could be configured as follows: "C:\Program Files (x86)\PuTTY\pageant.exe" "C:\Users\AviadR\Documents\aviad's 4096.ppk" "C:\Users\AviadR\Documents\aviad's 1024.ppk"
- Subsequently, add this shortcut to the Windows startup sequence.
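The shortcut approach above can be scripted; the following PowerShell is an added example, not part of the original guide. It reuses the guide's example paths as assumptions, and the shortcut name "Pageant keys.lnk" is a made-up placeholder.

```powershell
# Added example: create a Startup shortcut that starts Pageant with key files.
# The paths below are the guide's example values (assumptions); adjust them
# to your own PuTTY install location and key files.
$pageant = 'C:\Program Files (x86)\PuTTY\pageant.exe'
$keys = @(
    "C:\Users\AviadR\Documents\aviad's 4096.ppk",
    "C:\Users\AviadR\Documents\aviad's 1024.ppk"
)

# Refuse to create a shortcut that points at files that do not exist.
$missing = (@($pageant) + $keys) | Where-Object { -not (Test-Path -LiteralPath $_) }
if ($missing) {
    throw "Not found: $($missing -join ', ')"
}

# Per-user Startup folder; a shortcut here runs at that user's logon only.
$startup  = [Environment]::GetFolderPath('Startup')
$linkPath = Join-Path $startup 'Pageant keys.lnk'   # hypothetical name

$shell = New-Object -ComObject WScript.Shell
$link  = $shell.CreateShortcut($linkPath)
$link.TargetPath       = $pageant
# Quote every key path so spaces and apostrophes survive as one argument each.
$link.Arguments        = ($keys | ForEach-Object { '"{0}"' -f $_ }) -join ' '
$link.WorkingDirectory = Split-Path -Parent $pageant
$link.Save()

# Keys protected by a passphrase still prompt for it when Pageant loads them.
Write-Output "Created $linkPath"
```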
Enabling SSH Agent Forwarding (PuTTY/mRemote)
This configuration is not mandatory, but it permits you to initiate further SSH connections from a remote machine, utilizing the same key. To implement this feature:
- Open the PuTTY application.
- Navigate to "Connection" -> "SSH" -> "Auth".
- Ensure the "Allow agent forwarding" checkbox is selected.
- Return to the "Session" category.
- Choose the "Default Settings" entry.
- Click "Save" to preserve the changes.
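Saving the checkbox under "Default Settings" makes agent forwarding the default for new sessions, and while a forwarded session is open, an administrator on the remote host can use your agent to authenticate as you. The PowerShell below is an added example (not from the original guide) that lists which saved PuTTY sessions have forwarding enabled; it assumes PuTTY stores its sessions in the registry under its usual per-user key.

```powershell
# Added example: report which saved PuTTY sessions have agent forwarding on.
# Assumption: sessions live in PuTTY's usual per-user registry location.
$root = 'HKCU:\Software\SimonTatham\PuTTY\Sessions'

function Get-PuttyAgentForwarding {
    param([string]$SessionsKey = $root)

    if (-not (Test-Path -LiteralPath $SessionsKey)) { return @() }

    Get-ChildItem -LiteralPath $SessionsKey | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{
            # PuTTY percent-encodes session names (Default%20Settings).
            Session      = [uri]::UnescapeDataString($_.PSChildName)
            HostName     = $props.HostName
            # AgentFwd is the stored form of "Allow agent forwarding".
            AgentForward = ($props.AgentFwd -eq 1)
        }
    }
}

$sessions = @(Get-PuttyAgentForwarding)
$sessions | Sort-Object Session | Format-Table -AutoSize

# Forwarding saved in Default Settings is inherited by new sessions.
$default = $sessions | Where-Object {
    $_.Session -eq 'Default Settings' -and $_.AgentForward
}
if ($default) {
    Write-Warning 'Agent forwarding is on in Default Settings; new sessions inherit it.'
}

# To limit forwarding to the hop hosts that need it, switch the default off
# and enable the checkbox only in those saved sessions:
# Set-ItemProperty -LiteralPath "$root\Default%20Settings" -Name AgentFwd -Value 0
```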
Enabling SSH Agent Forwarding (WinSCP)
For further details on this subject, please refer to our comprehensive guide on SSH agent forwarding.
- Within a new WinSCP connection tab, activate the "Advanced options" checkbox.
- Proceed to "SSH" -> "Authentication".
- Check the "Allow agent forwarding" checkbox.
- Access the "General Options" by selecting "Preferences" -> "Preferences".
- Configure WinSCP to invoke PuTTY with the forwarding option by navigating to "Integration" -> "Application" and appending the "-A" command-line option.
- You can then establish this as a template for future connections by returning to "Session" and inputting any consistent connection details, such as Username and IP address, before saving the session.
Final Thoughts from the Author
Although some advocates maintain that serious SSH operations should be conducted on a Linux system, the prevailing market reality – as highlighted by Ubuntu bug #1, concerning Microsoft's desktop dominance – remains unchanged. A complete transition to the Linux desktop may occur eventually, but it is not imminent, particularly for seasoned shell users.
Spike: Is my service complete, and am I now free to depart?
SoundWave: You are free to go, to Cybertron...