Do you have the need to work with SSH keys from Windows and you find that this becomes a hassle very quickly? HTG goes into how to make the process as transparent as possible, using The PuTTY package suite.

kaneda99提供的图像。

概述

在本指南中，我们将解释如何使用Putty&Winscp使用公钥从Windows SSH到Linux机器。此外，我们将启用转发选项。这将允许您继续从用密钥连接的机器跳转到另一台支持用密钥进行SSHing的机器。我们将不讨论如何在Linux机器上放置公钥，因为我们已经讨论了这个主题。

安装基本程序/软件包

• 获取PuTTY包（不仅仅是可执行文件）并安装它。
• （可选）获取程序WinSCP和mRemote，并安装它们。

Generate a Key pair

If you haven’t created a key pair yet, and you want to do it from the comfort of your Windows desktop, you can use “PuTTY Key Generator” which was installed as part of the “PuTTY package“:

• Open “PuTTY Key Generator” by going into “Start” -> “PuTTY” -> “PuTTYgen”
• While not required, it is recommended that you change the length of your key from the default 1024. Change the number of “bits” at the bottom from “1024” to “4096”.
• Click “Generate” and move your mouse around randomly until the bar reaches 100%. This “salts” your key, so try to make your mouse movements as random as possible.
• Once the program is done generating the key,
• On the “Key Comment” line, change it to be something more useful like your name. For example:
• While not required, it is highly recommended that you set a passphrase on the private key. This will protect your private key in case some one gains access to it and you will only be bothered with entering once at machine boot up, if you perform all the steps in the guide.
• Click on “Save private key”.

Note: If you already have a saved private key, you can “extract” the public portion by “load”ing it with the generator.

Configuring the Key-quartermaster

The “Pageant” program that was installed as part of the PuTTY package, can store your key/s and give them to mRemote, WinSCP and PuTTY as required.

• Open “Pageant” from the start menu. (Note: it may run off to the system tray)
• If it has run off to the system tray, double click it, to bring up the main window.
• Click “Add Key” and give it your saved Key Pair.
• If need be, provide the passphrase.

Done, from now on, Putty, WinSCP and any program that serves as a fronted for them (like mRemote) will first c***ult with the Pageant program if there is a key to use for the connection.

Loading Keys automatically at startup (Optional)

The process above needs to be repeated after every machine reboot, as Pageant doesn’t save loaded key configurati***. To have it load the configuration automatically at startup, you can use one of the two methods below:

1. Assuming you’ve allowed Pageant to take over the ppk suffix, you should be able to simply add the key files to the Windows “startup” folder.
2. Create a shortcut to the program that passes the key-files as parameters.  For example, the “Target” command for two(2) keys would look like: “C:\Program Files (x86)\PuTTY\pageant.exe” “C:\Users\AviadR\Documents\aviad’s 4096.ppk”  “C:\Users\AviadR\Documents\aviad’s 1024.ppk

• Then, add this shortcut to window’s startup.

Enable SSH Agent forwarding (PuTTY/mRemote)

此配置是可选的，但这样做将允许您在SSH到一台计算机后继续，并使用相同的密钥从它SSH到下一台计算机。为此：

• 打开油灰。
• 在“Connection”->“SSH”->“Auth”下。
• 选中“允许代理转发”。
• 返回“会话”
• 选择“默认设置”项。
• 点击“保存”。
• 完成。

启用SSH代理转发（WinSCP）

• In a WinSCP new connection tab, Enable the Advance opti*** checkbox.
• Go to the “SSH” -> “Authentication”.
• Check the “Allow agent forwarding” checkbox.
• Go to the “General Opti***” by clicking on “Preferences” -> “Preferences”.
• Enable Putty to be invoked with the  forwarding option by going into “Integration” -> “Application” and appending the “-A” CLI option.
• You can now make this the template for subsequent connecti*** by going back to “Session” and typing in, the basic information that you know will be uniform across all connecti*** (if any), like Username, IP, Etc’. Then “save” the session.

Author’s Notes

While purists, will say that any serious SSHing, should be done from a Linux machine, the reality is that Ubuntu’s bug #1 “Microsoft has a majority desktop market share”, still holds true. maybe one day we’ll move to the Linux desktop completely, but that day will not be today and not for the 35 year old shell.

斯派克：所以我想我服刑了，我可以走了？声波：自由行动，塞伯坦…