Print this article Edit this article

SSH Key Authentication (Windows)

Step By Step Instructions

In order to authenticate using public and private keys, perform the following steps:

  1. Create a key-pair on the client workstation.
  2. Add the public-key of the key-pair on the server.
  3. Test logging on to the server from the client.

Create a key-pair on the client workstation

From the client workstation, start by invoking the Windows application Secure CRT. Create a key-pair using the menu item Tools ⟶ Create public key.... This command will compute a key-pair and deposit the key-pair into the Personal directory.

Create public key...

Key Generation Wizard. Click Next >.

Key Generation Wizard

Select the type of public key to generate. Click Next >.

Select the type of public key to generate

Enter a passphrase. It is very important to use a passphrase when creating the key-pair! Click Next >.

Enter a passphrase

Select the length of your key pair. Click Next >.

Select the length of your key pair

The key is now being generated. Click Next >.

The key is now being generated

Choose a directory and filename. Click Finish.

Choose a directory and filename

At the prompt Would you like to use this key as your global public key, click Yes.

Use this key as your global public key

Set SecureCRT To Use Public Key

Next, set the default session to use PublicKey as the highest priority authentication type. Change the session using the menu item Options ⟶ Edit Default Session....

Click Category: ⟶ SSH2.
Click Authentication ⟶ Password.
Click the down arrow â–¼ once to move Password below PublicKey.
Click OK.

Change priority

At the prompt Do you want to apply the changes that you made to the default session to ALL of your sessions, click Change Default session only.

Apply default session changes

Add the public-key of the key-pair on the server

From the server, add the public key to the list of keys authorized to use the account. Each line in the ~/.ssh/authorized_keys lists the public-keys that are authorized to log-on to the server account. Then only those users have a copy of the key-pair will be authorized to use the server account. There can be multiple public keys listed in the file.

Tell Secure CRT to export the public key from your newly created key-pair. Check the global options using the menu item Options ⟶ Global Options....
Click Category: ⟶ SSH2.
Click Export Public Key....

Global Options

On the Export Public Key prompt, click Copy Text, then click Close.
On the original Global Options prompt, click Cancel.

Export Public Key

Next, place the public-key, now stored in the clipboard, into your account's ssh configuration. Log on to the server by using Quick Connect.
In the Quick Connect prompt, enter the Hostname and Username settings for your server, and click Connect.

Quick Connect

If this is the first time you've connected to your server, SecureCRT will ask if the host key should be saved to your configuration. Click Accept & Save.

New Host Key

Because the server doesn't have your public-key record yet, it will fail to log-on using PublicKey authentication. This is normal. Click on Skip.

Public Key Authentication Failed

Next, SecureCRT will prompt for your password. Enter the password and click OK.

Enter Secure Shell Password

Once the initial login is complete, the next step is to copy the public-key, from the clipboard, into a file call ~/.ssh/authorized_keys. Perform the following typed-in commands into the Window:

-bash-4.2$ mkdir .ssh
-bash-4.2$ chmod 700 .ssh
-bash-4.2$ cd .ssh
-bash-4.2$ echo (then click on Edit ⟶ Paste) >>authorized_keys
-bash-4.2$ logout

Test logging on to the server from the client

Test to see that key-pair authentication is working. This time when logging on to the server, instead of prompting for the UNIX password, SecureCRT will prompt for the passphrase used to encrypt the private key of the key-pair. If the right passphrase is entered, the server ought to authorize the log-on because (1) it knows that the public-key is allowed access by being listed in the ~/.ssh/authorized_keys file, and (2) that the client SecureCRT program knew the private key.

Log on to the server by using Quick Connect.
In the Quick Connect prompt, enter the Hostname and Username settings for your server, and click Connect.

Quick Connect

Next, SecureCRT will prompt for your passphrase, the one entered when creating the key-pair. Enter your passphrase and click OK.

Enter Secure Shell Passphrase

If this is successful, then congratulations! You will no longer need to log-on with your career account password or Purdue 2FA.

Last Modified: Jun 26, 2023 3:13 pm GMT-4
Created: Oct 15, 2020 3:51 pm GMT-4 by admin
JumpURL: