SSH Key Authentication (Windows)
Step By Step Instructions
In order to authenticate using public and private keys, perform the following steps:
- Create a key-pair on the client workstation.
- Add the public-key of the key-pair on the server.
- Test logging on to the server from the client.
Create a key-pair on the client workstation
From the client workstation, start by invoking the Windows application SecureCRT. Create a key-pair using the menu item Tools ⟶ Create public key.... This command will compute a key-pair and deposit the key-pair into the Personal directory.
![win01.jpg Create public key...](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win01.jpg)
Key Generation Wizard. Click Next >.
![win02.jpg Key Generation Wizard](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win02.jpg)
Select the type of public key to generate. Click Next >.
![win03.jpg Select the type of public key to generate](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win03.jpg)
Enter a passphrase. It is very important to use a passphrase when creating the key-pair! Click Next >.
![win04.jpg Enter a passphrase](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win04.jpg)
Select the length of your key pair. Click Next >.
![win05.jpg Select the length of your key pair](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win05.jpg)
The key is now being generated. Click Next >.
![win06.jpg The key is now being generated](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win06.jpg)
Choose a directory and filename. Click Finish.
![win07.jpg Choose a directory and filename](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win07.jpg)
At the prompt Would you like to use this key as your global public key, click Yes.
![win08.jpg Use this key as your global public key](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win08.jpg)
Set SecureCRT To Use Public Key
Next, set the default session to use PublicKey as the highest priority authentication type. Change the session using the menu item Options ⟶ Edit Default Session....
Click Category: ⟶ SSH2.
Click Authentication ⟶ Password.
Click the down arrow ▼ once to move Password below PublicKey.
Click OK.
![win09.jpg Change priority](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win09.jpg)
At the prompt Do you want to apply the changes that you made to the default session to ALL of your sessions, click Change Default session only.
![win10.jpg Apply default session changes](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win10.jpg)
Add the public-key of the key-pair on the server
From the server, add the public key to the list of keys authorized to use the account. Each line in the ~/.ssh/authorized_keys file lists a public-key that is authorized to log on to the server account. Only those users who have a copy of the key-pair will be authorized to use the server account. There can be multiple public keys listed in the file.
Tell SecureCRT to export the public key from your newly created key-pair. Check the global options using the menu item Options ⟶ Global Options....
Click Category: ⟶ SSH2.
Click Export Public Key....
![win11.jpg Global Options](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win11.jpg)
On the Export Public Key prompt, click Copy Text, then click Close.
On the original Global Options prompt, click Cancel.
![win12.jpg Export Public Key](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win12.jpg)
Next, place the public-key, now stored in the clipboard, into your account's ssh configuration. Log on to the server by using Quick Connect.
In the Quick Connect prompt, enter the Hostname and Username settings for your server, and click Connect.
![win13.jpg Quick Connect](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win13.jpg)
If this is the first time you've connected to your server, SecureCRT will ask if the host key should be saved to your configuration. Click Accept & Save.
![win114.jpg New Host Key](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win114.jpg)
Because the server doesn't have your public-key record yet, it will fail to log-on using PublicKey authentication. This is normal. Click on Skip.
![win115.jpg Public Key Authentication Failed](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win115.jpg)
Next, SecureCRT will prompt for your password. Enter the password and click OK.
![win121.jpg Enter Secure Shell Password](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win121.jpg)
Once the initial login is complete, the next step is to copy the public-key from the clipboard into a file called ~/.ssh/authorized_keys. Type the following commands into the window:
-bash-4.2$ mkdir .ssh
-bash-4.2$ chmod 700 .ssh
-bash-4.2$ cd .ssh
-bash-4.2$ echo (then click on Edit ⟶ Paste) >>authorized_keys
-bash-4.2$ logout
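A more defensive form of the paste step above, as an added example that is not part of the original article: it validates the pasted line, sets the directory and file modes explicitly, skips duplicates, and guards against an existing file that lacks a trailing newline. The function name add_authorized_key and the sample key are constructed for illustration, and it assumes the exported text is a single OpenSSH-format line.

```bash
#!/bin/sh
# Added example, not from the original article. Assumes the pasted text is a
# single OpenSSH-format line: "<key-type> <base64-blob> [comment]".

# add_authorized_key HOME_DIR KEY_LINE
# Returns 0 if the key was appended or already present, 1 if it was rejected.
add_authorized_key() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    key_line=$2
    nl='
'
    # A partial or wrapped paste would corrupt the file, so refuse it.
    case $key_line in
        ''|*"$nl"*) echo "rejected: empty or multi-line input" >&2; return 1 ;;
    esac
    key_type=${key_line%% *}     # first field
    rest=${key_line#* }
    key_blob=${rest%% *}         # second field
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unexpected key type" >&2; return 1 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected: key data is not base64" >&2; return 1 ;;
    esac

    # With StrictModes, sshd rejects keys if ~/.ssh or the file is writable
    # by group or others, so set the modes regardless of the umask.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already listed: nothing to do (-x whole line, -F literal string).
    if grep -qxF -- "$key_line" "$auth_file"; then return 0; fi

    # If the last existing line lacks a newline, add one so keys do not merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >>"$auth_file"
    fi
    printf '%s\n' "$key_line" >>"$auth_file"
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY0000000000000000000 constructed@workstation'
add_authorized_key "$demo_home" "$demo_key" && ls -la "$demo_home/.ssh"
rm -rf "$demo_home"
```

On the server this would be called as add_authorized_key "$HOME" followed by the pasted key in single quotes.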
Test logging on to the server from the client
Test to see that key-pair authentication is working. This time when logging on to the server, instead of prompting for the UNIX password, SecureCRT will prompt for the passphrase used to encrypt the private key of the key-pair. If the right passphrase is entered, the server ought to authorize the log-on because (1) it knows that the public-key is allowed access by being listed in the ~/.ssh/authorized_keys file, and (2) the client SecureCRT program knows the private key.
Log on to the server by using Quick Connect.
In the Quick Connect prompt, enter the Hostname and Username settings for your server, and click Connect.
![win13.jpg Quick Connect](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win13.jpg)
Next, SecureCRT will prompt for your passphrase, the one entered when creating the key-pair. Enter your passphrase and click OK.
![win119.jpg Enter Secure Shell Passphrase](https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHKeyAuthenWindows/win119.jpg)
If this is successful, then congratulations! You will no longer need to log-on with your career account password or Purdue 2FA.
Last Modified: Jun 26, 2023 3:13 pm GMT-4
Created: Oct 15, 2020 3:51 pm GMT-4 by admin