Been reading up on the use and creation of public and private keys on a windows machine

[G+_Rud Dog]

Been reading up on the use and creation of public and private keys on a windows machine. So far it appears and I was not aware of this fact, you can use puttygen to create your keys.

The private key is stored on your computer and can have a passphrase to protect it, not sure how this does that but better safe ...etc.

Once use of the keys is for logging (ssh) into a lets say unix machine without having to provide the password. In this case you store the public key on the unix machine in a certain location. Still working on the basics of where and how to store the public key.

Also there was a hint of another use which I am still trying to figure out and that is encrypting communications between friends and family.

Any input on tutorials for this project that will steer me in the correct and safe way to do this is appreciated.

[G+_Jeff Brand]

Here's a tutorial for the first part. https://www.howtoforge.com/ssh_key_based_logins_putty

 

I do this regularly but I don't specify the username if I have multiple logins on a server. Also, the public key goes into a file name authorized_keys, not authorized_keys2.

[G+_Rud Dog]

Thanks Jeff on my way to watch.

[G+_Rud Dog]

My first comment concerning this great tutorial is:

Recommends using 1024 for Number of bits in a generated key while the default is 2048 and some recommend 4096. Thoughts?

[G+_Rud Dog]

Hmm followed the tutorial to the Tee but got :

Server refused out keyenter password.

Now guess i need tutorial on how to back out and start over not sure if it is as simple as deleted the public key on my unix box and deleted the pub and private key on my windows machine?

[G+_Jeff Brand]

Higher is more secure. I think the tutorial is older. I'd consider 2048 the minimum unless you have software incompatibilities. It depends on what you consider "secure enough."

[G+_Rud Dog]

One note tried 4096 as the only difference between the tutorial steps I entered would this cause the refusal of our key?

[G+_Jeff Brand]

Make sure file and folder permissions are set correctly. sshd cares if you leave permissions open and won't bother trying.

 

Also make sure PuTTY loads the key during the session.

[G+_Jeff Brand]

Make sure file and folder permissions are set correctly. sshd cares if you leave permissions open and won't bother trying.

 

Also make sure PuTTY loads the key during the session.

[G+_Rud Dog]

If memory serves and i will double check there were 2 permissions set one was 700 and the other was 600. This during the tutorial steps.

How do you check if putty loads the key during session?

Appreciate you time and help.

[G+_Jeff Brand]

If prior to connection it's not loaded into Connection -> Session -> Auth -> Private key file for authentication, then you're not sending the key.

 

Not sure if you're prompted for password-protected ones.

 

You're welcome.

[G+_Rud Dog]

When I browse to the private key and select it it shows in the window next to the browse selection. But when I close and reopen the putty  its blank not showing previous browsed location of the private key.

[G+_Jeff Brand]

Exactly. The configuration needs to be saved as a profile. Otherwise, it will only work for the next connection made with that window.

[G+_Rud Dog]

Thinking you are absolutely correct what I find odd is while seeing the path to the key and running the ssh connection it says in the newly opened Terminal window; Using username "root" which is fine that option to have it use that username was configured in putty. But it goes on to say:

Server refused out key.

Then requests:

root@192.x.x.x's password:

of course when entered it works fine.

The point making here is the path when I loaded and ran ssh from putty was visible to my key it is subsequent uses that I find the path not in the entry box.

Looking for information on line as to what happens if I delete the private and public key from my windows machine and the linux machine and start over?

[G+_Steve Martin]

Ok, so a couple of things. You do need to save the Putty session as a profile so that every time you use that Profile the key will be used. Putty does NOT save profiles automatically. You have to specifically save the profile manually every time you make any change.

 

If the public key is not installed in the unix systems .ssh/authorized_keys file then you will be prompted for a password instead. If the unix system is properly configured to disallow password login, then you will be denied connection.

 

The basics should be: create the private and public key on your client computer. Copy the public key to the authorized_keys file on the unix machine. Make sure the permissions are set accordingly on unix:

 

chmod 700 .ssh

chmod 600 .ssh/authorized_keys

 

Hope that helps

[G+_Rud Dog]

Thanks Steve, always great to hear from those that have gone before me on projects of this sort.

After reading your instructions it appears everything is in order the profile was saved both for connection, username and private key path using browse key.

The only thing which does not match based on reading the detailed instructions is the first time I browse to set the private key it shows up left of the browse key when saved. Now If I go back after saving the path it is still visible, the path to my private key. If I close out putty and relaunch it drill down to the location where I set the path with the browse key it no longer shows up, even though I saved it after the fact.

This is the only step which differs from the instructions followed oh and changing the 1024 to 4096 as mentioned in my previous responses. If these 2 steps could cause the problem then it is solved.

Otherwise have to wonder what happens if I delete the public key on my linux box and delete the private key from my Windows 8 PC?  If is ok can try the whole process over again and more closely document my steps.

[G+_Rud Dog]

Turns out my linux requires a different location for the key. Now what I am seeing each ssh connection is requesting the paraphrase once entered the login successfully finishes without the username and password.

Why is it asking for the paraphrase for each ssh login?

[G+_Jeff Brand]

Your private key is encrypted with a password. PuTTY needs that in order to access the private key for use. The utility Pageant (same author, download page) will cache the authenticated password to avoid needing it every time, or you can choose not to password protect your private key.

 

I choose the latter and protect my laptop accordingly.

[G+_Rud Dog]

Thanks Jeff its decision time.