Step 4.6 How to use PuTTY Passphrase Agents

Action 4 6 1 Use Pageant to store your private keys in memory

To make public key authentication more convenient , the developers of PuTTY created Pageant.

Pageant is a program included with PuTTY that will keep your decrypted private keys in memory so you only have to enter your passphrase once rather than every time you authenticate to a server using public key authentication.

While this will make your day-to-day use more convenient, please keep in mind that it also poses a slight risk, since other applications (including viruses) might be able to access these decrypted keys in memory.

To use Pageant:

• Start Pageant by selecting it from the Start Menu . No windows will open , but the icon for Pageant will display in the system tray, as show below. Pageant's icon is the computer wearing the hat.

  

• Next, we need to load our private key into Pageant. Right click on the icon for Pageant in the system tray. A menu with a number of options will appear. Select Add Key .
• A dialog box will open and ask you to find and select the file containing the private key you wish to load. After you select the file, click the Open button.

  

• Next you will be prompted for the passphrase to unlock this key. Enter the passphrase and click on the OK button.

  

If the passphrase you entered was incorrect, you will be re-prompted.

Action 4 6 2 Verify Pageant has your private key stored

Now we should verify that the key is loaded into Pageant:

• Right click on the icon for Pageant in the system tray and select View Keys .
• A window titled Pageant Key List will open . This window lists all of the keys currently loaded into Pageant. From this window you can also add new keys or remove keys previously loaded.

  You should see the key that you loaded into Pageant listed in this window. If not, you should attempt to load your key into Pageant again.

  

Action 4 6 3 Using Pageant to automatically log in to a remote machine

Now that we have verified that our key is loaded into Pageant, we can attempt to log in to a remote machine automatically:

• Launch a new instance of PuTTY. With Pageant running, this can be done in a few different ways. First, you can open PuTTY by double clicking on the icon for PuTTY or by selecting it from the Start Menu .

  Second, if you have a session already saved for the server to which you wish to connect, you can right click on the icon for Pageant located in the system tray. There is an option in the menu labeled Saved Sessions which will open up to a listing of all your saved sessions. You can select the desired session from that listing and PuTTY will open and try to connect to the remote server you selected.

  Finally, if you do not have a session already saved, you can right click on the icon for Pageant in the system tray and select New Session from the menu. This will launch PuTTY into the configuration screen.

• If you are not using a saved session, enter all information needed to connect to the remote server in the PuTTY configuration screen. You do not have to select a private key. After you have entered all required information, click on the Open button.
• PuTTY will now attempt to connect to the remote server. If it is successful, it will ask you for the user ID to log in under as shown below:

  login as: sshuser
  

• After you enter the user ID, you should receive a message that you are authenticating with your public key as shown below:

  Authenticating with public key "sshuser@example.com" from agent
   Last login: Wed Jan 22 11:20:43 2003 from 192.168.1.10
   [sshuser@server.example.com]$
  

  When you were logging in to the remote server, PuTTY saw that Pageant was running and asked Pageant for the key to the remote server. Since the key for the remote server was loaded into Pageant and had already been decrypted, PuTTY was able to use the key to log in to the remote server.

Action 4 6 4 Using Pageant with command line tools

If Pageant is already running in the background, the command line tools that come with PuTTY will automatically detect this and will authenticate with Pageant. An example of PSCP copying a file to a remote server is shown below. The “v verbose option has been added to see PSCP communicate with Pageant:

C:>pscp --v test.txt sshuser@server.example.com:.
 Looking up host "server.example.com"
 Connecting to 192.168.1.10 port 22
 Server version: SSH-2.0-OpenSSH_3.1p1
 We believe remote version has SSH2 RSA padding bug
 We claim version: SSH-2.0-PuTTY-Release-0.53b
 Using SSH protocol version 2
 Doing Diffie-Hellman group exchange
 Doing Diffie-Hellman key exchange
 Host key fingerprint is:
 ssh-rsa 1024 41:61:b5:ab:c5:c5:01:46:ac:ef:a1:28:54:c0:1c:53
 Using username "sshuser".
 Pageant is running. Requesting keys.
 Pageant has 1 SSH2 keys
 Trying Pageant key #0
 Authenticating with public key "sshuser@server.example.com" from agent
 Sending Pageant's response
 Access granted
 Opened channel for session
 Started a shell/command
 Connected to server.example.com

 Sending file test.txt, size=1477
 test.txt 1 kB 1.4 kB/s ETA: 00:00:00 100%
 Sent EOF message
 Server sent command exit status 0

 C:>