Problem: Now that PuTTY is installed, we need to learn how to use it to open remote interactive connections from a Windows host to a UNIX server running OpenSSH.
Now that PuTTY is installed, it can be used to connect to remote machines running the OpenSSH server. The graphical component of PuTTY is used to connect to remote machines and create a telnet or rlogin-like shell session.
On the left side of the configuration window is a list of categories. Clicking on any of the categories will display in the right-hand window the different options that are configurable for the SSH session. PuTTY comes with a very useful help file that describes each of the options in detail. Except for the SSH version specification, the default for each option is reasonable and secure, so the majority of them should not have to be changed.
SSH version 1 has known weaknesses and should be avoided. Select SSH version 2 only by clicking on the SSH category and selecting 2 only under Preferred SSH protocol version, as shown below.
The upper section of the window will display an entry for the Host Name or IP address of the machine to which you wish to connect, the Port Number on which the service is listening and which protocol to use. Since we want to create an SSH session, make sure SSH is selected and type in the Host Name or IP address of the machine to which you wish to connect. Leave the Port Number set to 22 as this is SSH's default port.
OPTIONAL: Below the connection settings is an area where you can load, save or delete sessions. To save a session, type a name for the session in the area below the Saved Sessions text and click on the Save button. The name you have given the session will appear and can now be recalled by either double-clicking on the name or selecting the name and clicking on the Load button. This provides a way to quickly recall settings for specific sessions.
If PuTTY is successful, a terminal window with an empty black background and a PuTTY Security Alert, as shown below, will appear. The security alert is telling you that you have not connected to this machine before and the machine's host key has not been seen before. This message is normal the first time you connect to a server via SSH. After you contact the administrator or a user of the machine to verify that the server's key fingerprint is correct, click the Yes button. The administrator or user can verify the server's key fingerprint by executing the following command on the server:
$ ssh-keygen -l -f file
Where file is the name of the host's public SSH key, such as /etc/ssh/ssh_host_key.pub. The result will look similar to the following and should match the key fingerprint previously given:
1024 7d:7a:5b:55:0a:20:46:65:07:04:b4:b5:60:d3:82:1e
Keep in mind that the fingerprint must be transmitted in a secure manner (e.g. by a phone call to the administrator of the remote system), since SSH relies on these keys and the fingerprint is the simple proof of a valid key. For obvious reasons, SSH does not provide a way to fetch such fingerprints remotely from an SSH server.
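The check described above, as an added example that is not part of the original text: it derives the bit length and colon-separated MD5 fingerprint (plus the SHA256 form newer OpenSSH prints) from a one-line SSH-2 public key and compares it with the value relayed by the administrator. The function names and the sample key are constructed for illustration, and the one-line "type base64 comment" key format is an assumption about the file being checked.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside SSH-2 public key blobs."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    # The extra leading byte keeps the sign bit clear for positive integers.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

# Constructed sample, not a real host key: a 1024-bit "modulus" with no secret behind it.
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 1023) | 1)
).decode() + " constructed@example"

def read_fields(blob: bytes) -> list:
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + size])
        off += size
    return fields

def fingerprint(pub_line: str):
    """Return (rsa_bits_or_None, md5_colon_hex, sha256_base64) for one .pub line."""
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    if not fields or fields[0].decode() != key_type:
        raise ValueError("key type does not match blob")
    # In an ssh-rsa blob the modulus is the last field.
    bits = int.from_bytes(fields[-1], "big").bit_length() if key_type == "ssh-rsa" else None
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha_fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, md5_fp, sha_fp

def matches_relayed(pub_line: str, relayed: str) -> bool:
    """Compare a fingerprint received out of band against the key file."""
    _, md5_fp, sha_fp = fingerprint(pub_line)
    relayed = relayed.strip()
    if relayed.startswith("SHA256:"):
        return hmac.compare_digest(relayed.encode(), sha_fp.encode())
    if relayed.upper().startswith("MD5:"):
        relayed = relayed[4:]
    return hmac.compare_digest(relayed.lower().encode(), md5_fp.encode())
```

Current OpenSSH releases print the SHA256 form by default; ssh-keygen -l -E md5 -f file produces the colon-separated form shown on this page.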
If the connection is not successful, a black window will appear after you click the Open button, but instead of the expected PuTTY security alert, a timeout error will appear.