This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
other:putty_conf [2020/07/28 13:03] jypeter Started adding content |
other:putty_conf [2023/03/23 09:32] jypeter [Adding more connection profiles] Improved |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Configuring and using PuTTY/Pageant ====== | ====== Configuring and using PuTTY/Pageant ====== | ||
- | PuTTY is a free and easy to use [[other:ssh|ssh client]] for **Windows** (7 and 10). You can use it to connect to your favorite remote Linux servers in text mode, and start graphical applications if you also have a running [[other:win10wsl#installing_an_x_server|X server]] | + | PuTTY is a free and easy to use [[other:ssh|ssh client]] for **Windows**. You can use it to connect to your favorite remote Linux servers in text mode, and start remote graphical applications if you also have a running [[other:x_conf|X server]] |
===== Installation ===== | ===== Installation ===== | ||
- | Download and install the [[https://www.chiark.greenend.org.uk/~sgtatham/putty/|latest version of PuTTY]] | + | Official web site: [[https://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY Web site]] |
+ | |||
+ | You can install the latest version of PuTTY directly from [[https://apps.microsoft.com/store/detail/XPFNZKSKLBP7RJ|Microsoft Store]], or download the latest [[https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html|64-bit msi installer]] | ||
===== Launching PuTTY/Pageant ===== | ===== Launching PuTTY/Pageant ===== | ||
- | You could directly launch PuTTY, but it is actually more efficient to launch ''Pageant'', especially if you are often going to connect to the same server(s) | + | You could directly launch PuTTY (''Start'' => ''PuTTY'' => ''PuTTY''), but it is actually **more efficient** to launch ''Pageant'', especially if you are often going to connect to the same server(s) |
- | ''Start'' => ''PuTTY'' => ''Pageant'' | + | Starting ''Pageant'': ''Start'' => ''PuTTY'' => ''Pageant'' |
- | * It will seem that nothing happens, but you should get the //Pageant// icon at the bottom right of your screen\\ {{ :other:putty_01_notes.png?direct&200 |}}. Pageant will allow you to use existing connection profiles, and also easily use //ssh keys// (more on //ssh keys// later) | + | |
- | * If you right click on the //Pageant// icon, you can manage sessions with the New Session option, use existing Sessions and manage //ssh keys//.\\ If you double click on the icon, you can add a new ssh key.\\ {{ :other:putty_02.png?direct&200 |}} | + | * ''Pageant'' is an [[other:ssh#using_an_ssh_agent|ssh agent]] for Windows, but this page also explains how to use it for easily creating and using connection profiles (aka //Sessions//) to connect to remote Linux servers |
+ | * Some applications (e.g. [[other:win10apps#winscp|WinSCP]]) will automatically try to use ''Pageant'' as an //ssh-agent//, instead of asking you to type your [[other:putty_conf#using_ssh_keys|ssh passphrase]] | ||
+ | |||
+ | * It will seem that nothing happens when you start ''Pageant'', but you should get the ''Pageant'' icon at the bottom right of your screen.\\ {{ :other:putty_01_notes_v2.png?direct |}} | ||
+ | |||
+ | * If you right click on the ''Pageant'' icon, you can manage sessions with the ''New Session'' option, use ''Saved Sessions'' profiles and manage //ssh keys// (''View Keys'', ''Add Key'').\\ You can also view/add //ssh keys// by double clicking on the pageant icon\\ {{ :other:putty_02.png?direct |}} | ||
===== Configuring PuTTY ===== | ===== Configuring PuTTY ===== | ||
- | You can keep most PuTTY's default settings. This section will show you how to create your first //session profile//, with some useful options. If you want to add other sessions, just Load an existing (and properly configured) session, and save it under a new name | + | Launch the PuTTY Configuration manager: (Right click on) ''Pageant'' => ''New Session''\\ {{ :other:putty_03.png?direct&300 |}} |
+ | |||
+ | * You can keep most PuTTY's default settings. This section will show you how to create your first //session profile//, with some **highly recommended options**.\\ \\ If you want to add another session later, just ''Load'' an existing (and properly configured) session, ''Save'' it under a new name, change the session details, and then save the session again. | ||
+ | |||
+ | * When changing a setting, select a (sub-)**Category in the left part** of the ''PuTTY'' Configuration window, and change the displayed **settings in the right part** of the window. | ||
+ | |||
+ | * <wrap hi>After changing the settings of an existing Session, **do not forget to go back to the //Session// category (at the top left of the Putty Configuration window) and click ''Save''!** | ||
+ | </wrap> | ||
+ | ==== Creating a new session ==== | ||
+ | |||
+ | In the ''Session'' Category: | ||
+ | * Specify a **Host Name**: e.g. ''ssh1.lsce.ipsl.fr'' for the //LSCE access server// (also called //LSCE gateway//) | ||
+ | * Specify a matching session name in **Saved Sessions**: e.g. ''ssh1'' | ||
+ | * Click on **Save** to save the new session (that will only have default settings for now)\\ {{ :other:putty_04.png?direct |}} | ||
+ | |||
+ | If you are in a hurry, you can connect to the Linux server specified in the //Host Name// field by clicking on **Open** | ||
+ | ==== Changing some useful settings ==== | ||
+ | |||
+ | * ''Load'' an existing session (e.g. the [[#creating_a_new_session|ssh1 profile]] defined above), that will serve as a **template (with the recommended settings)** for the future sessions | ||
+ | |||
+ | * In the ''Window'' => ''Selection'' category: | ||
+ | * Select **xterm** in the //Actions of mouse buttons// section.\\ This will allow you to use the mouse buttons in the PuTTY terminal the same way you would use them in an standard Linux //xterm// terminal: | ||
+ | * **Select** and **Copy** text (at the same time) with the **left button** | ||
+ | * **Paste** text with the **middle button**\\ {{ :other:putty_05.png?direct |}} | ||
+ | * In the ''Window'' => ''Appearance'' category: | ||
+ | * You can **choose a font more readable than the default one**!\\ We recommend the **Cascadia Code** font that comes with the [[other:win10apps#windows_terminal|Windows Terminal]] application (which means that you first have to **install //Windows Terminal// first**, but you will probably need it anyway) | ||
+ | * Use the ''Change...'' button in the ''Font settings'' section, and select ''Cascadia Code'' and ''Regular'' (you can also experiment with styles different from ''Regular'', and different font sizes)\\ {{ :other:putty_cascadia_font.png?direct |}} {{ :other:putty_cascadia_styles.png?direct |}} | ||
+ | * In the ''Connection'' => ''Data'' category: | ||
+ | * Specify your login name (on the LSCE servers) in **Auto-login username**. This way you won't have to type it when you connect to the Linux server!\\ {{ :other:putty_06.png?direct |}} | ||
+ | * In the ''Connection'' => ''SSH'' => ''Kex'' category: | ||
+ | * **<wrap hi>Unselect Attempt GSSAPI key exchange</wrap>**!\\ If you forget to do this, connecting to a server will seem to take forever (if it works at all)...\\ {{ :other:putty_gssapi.png?direct |}} | ||
+ | * In the ''Connection'' => ''SSH'' => ''Auth'' category: | ||
+ | * Select **Allow agent forwarding**. This is the same as [[/other:ssh#standard_usage|using ssh with the -A option]]\\ {{ :other:putty_07.png?direct |}} | ||
+ | * In the ''Connection'' => ''SSH'' => ''X11'' category: | ||
+ | * Select **Enable X11 forwarding**. This is the same as [[/other:ssh#standard_usage|using ssh with the -X option]]\\ Note: remember that you will also need an [[other:x_conf|X server running]] in order to display graphics!\\ {{ :other:putty_08.png?direct |}} | ||
+ | |||
+ | * When you have finished updating the settings, **do not forget to go back to ''Category'' => ''Session'' and Save the session**!\\ {{ :other:putty_09.png?direct |}} | ||
+ | |||
+ | * Click on ''Open'' to connect to the specified host with the updated settings, and check that things are working properly\\ The first time you connect to a server, you will get a ''PuTTY Security Alert'' window, where you have to click on ''Accept'' to tell PuTTY that you trust the connection to this new server\\ {{ :other:putty_new_host.png?direct |}} | ||
+ | |||
+ | ==== Adding more connection profiles ==== | ||
+ | |||
+ | [[other:putty_conf#launching_putty_pageant|Start Pageant]], and then the //PuTTY Configuration manager//: (Right click on) ''Pageant'' => ''New Session'' | ||
+ | |||
+ | === New profile for a direct connection to a remote server === | ||
+ | |||
+ | * Select an existing (and correctly configured) session (e.g. the [[#creating_a_new_session|ssh1 profile]] defined above) and click on **Load** | ||
+ | * Update the values of the **Host Name** and **Saved Session** (the name of the new profile you want) text fields, and settings | ||
+ | * Example: connecting to **LSCE from INSIDE LSCE**\\ (inside <=> computer connected to the wired network): | ||
+ | * ''Host Name'' => ''obelix'' | ||
+ | * ''Saved Session'' => ''obelix (direct connection)'' | ||
+ | * Example: connecting to [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|spirit]]: | ||
+ | * ''Host Name'' => ''spirit1.ipsl.fr'' | ||
+ | * You can also use ''spirit2'', ''spiritx1'' or ''spiritx2'' depending on [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|which IPSL server you want to access]] | ||
+ | * ''Saved Session'' => ''spirit1'' | ||
+ | * do not forget to **specify your IPSL login** in: ''Connection'' => ''Data'' => ''Auto-login username'' | ||
+ | * you will also need an [[other:putty_conf#using_ssh_keys|ssh key]] if you want to connect to one of the IPSL ''spirit'' servers !! | ||
+ | * Go back to ''Category'' => ''Session'' and <wrap em>**Save** the session</wrap> | ||
+ | |||
+ | === New profile with a connection through a gateway === | ||
+ | |||
+ | * Select an existing //gateway// session (e.g. ''ssh1'') and click on **Load**.\\ For connecting to LSCE **from OUTSIDE LSCE**, select the [[#creating_a_new_session|ssh1 profile]]\\ If you are at LSCE, but use the //eduroam// or the //guest// **WiFi network**, you are considered as being //outside LSCE//! | ||
+ | * In the ''Connection'' => ''SSH'' category, specify the command used to connect to the target server from the //gateway//, in the **Remote command** field\\ e.g. **for LSCE**, use: | ||
+ | * ''ssh -X -A obelix'' (check the [[other:ssh#standard_usage|useful ssh options]] for more details on the options)\\ {{ :other:putty_10b.png?direct |}} | ||
+ | * Go back to ''Category'' => ''Session'', <wrap hi>specify a new profile name</wrap> in **Saved Sessions** (e.g. ''obelix via ssh1'') and <wrap em>**Save** the session</wrap>\\ {{ :other:putty_11.png?direct |}} | ||
+ | |||
+ | ===== Daily usage of PuTTY/Pageant ===== | ||
+ | |||
+ | Note: PuTTY will ask your password each time you open a session, unless you have [[#using_ssh_keys|ssh keys, and you use Pageant to store your passphrase]] | ||
+ | |||
+ | ==== Starting a session from Pageant ==== | ||
+ | |||
+ | |||
+ | Once you have [[#launching_putty_pageant|started pageant]], and [[#using_putty_pageant|configured sessions]], you can easily open terminals on the remote servers by right-clicking on the pageant icon, and selecting a **Saved Session**. \\ {{ :other:putty_12.png?direct |}} | ||
+ | |||
+ | ==== Starting a session from a desktop shortcut ==== | ||
+ | |||
+ | It is possible to [[https://the.earth.li/~sgtatham/putty/0.77/htmldoc/AppendixA.html#QA.6.4|create a shortcut on the desktop to start a specific session]]! | ||
+ | |||
+ | * Right-click on the desktop and select ''New'' => ''Shortcut'' | ||
+ | * Specify the location of ''putty.exe'' in the //path// field, and click ''Next'':\\ ''%%"C:\Program Files\PuTTY\putty.exe"%%'' (**with** the quotes!) | ||
+ | * Specify the name of the shortcut (as it will appear on the desktop), and save the shortcut\\ e.g. ''obelix via ssh1'' | ||
+ | * Right-click on the shortcut and select **Properties**, then add the name of the desired profile to the content of the //Target// field | ||
+ | * Warning: | ||
+ | * you have to **use an existing session name** (as it appears in ''Pageant'' => ''Session'' => ''Saved Sessions'') | ||
+ | * you have to **use quotes correctly**, otherwise you will get an error message! | ||
+ | * Examples: | ||
+ | * ''%%"C:\Program Files\PuTTY\putty.exe" -load "obelix via ssh1"%%'' | ||
+ | * ''%%"C:\Program Files\PuTTY\putty.exe" -load "obelix (direct)"%%'' | ||
+ | * Click **OK** to save the changes | ||
+ | * You can now connect to the remote server just by clicking on the desktop shortcut, instead of right-clicking on the ''Pageant'' icon! | ||
+ | |||
+ | ===== Using ssh keys with PuTTY/Pageant ===== | ||
+ | |||
+ | <WRAP center round alert 60%> | ||
+ | In this section, we will use files that have the same base name, and different extensions. | ||
+ | |||
+ | You should **make sure that you can [[other:win10config#displaying_hidden_folders_and_files_and_the_files_extension|see hidden folders, and files' extensions]]** before you go further! | ||
+ | </WRAP> | ||
+ | |||
+ | |||
+ | Read the [[other:ssh#using_ssh_keys|Using ssh keys]] section if you don't know what //ssh keys// are | ||
+ | <WRAP center round important 80%> | ||
+ | * **Do not lose** the (existing) ssh keys files you have, or the keys that you will create | ||
+ | * It is recommended to **keep a copy of these files** on another computer! | ||
+ | |||
+ | * **Do not forget** the passphrase that will be used to unlock the private key | ||
+ | * If you save the passphrase in a file, **do not** put this file in the same place as the ssh keys | ||
+ | * Read [[other:ssh#some_common_sense_advice|Do not forget your passphrase!]] if you need some advice about passphrases | ||
+ | |||
+ | * The best thing to do is probably to **keep the keys in the standard [[other:ssh#configuration_files|ssh configuration directory]]**! | ||
+ | </WRAP> | ||
+ | ==== Converting existing ssh keys with PuTTYgen ==== | ||
+ | |||
+ | If you already have a private ssh key generated on another computer (e.g. an ''id_ed25519'' text file), you just have to use ''PuTTYgen'' to **import the existing private key**, and then export it to a //converted// ''id_ed25519.ppk'' file that ''Pageant'' can use | ||
+ | |||
+ | * Move the ''id_ed25519'' key file to the [[other:ssh#configuration_files|Windows ssh configuration directory]] | ||
+ | * => ''C:\Users\your_windows_login\.ssh\id_ed25519'' | ||
+ | |||
+ | * Launch the ''PuTTY Key Generator'': ''Start'' => ''PuTTY'' => ''PuTTYgen'' | ||
+ | |||
+ | * Open the ''Conversions''=>''Import key'' menu\\ {{ :other:putty_21b.png?direct&300 |}} | ||
+ | |||
+ | * Select the existing ''id_ed25519'' private key file (or another valid private key) and type the passphrase to unlock and import it | ||
+ | |||
+ | * Click on the ''Save private key'' button, and create an ''id_ed25519.ppk'' file in the [[other:ssh#configuration_files|Windows ssh configuration directory]] | ||
+ | * => ''C:\Users\your_windows_login\.ssh\id_ed25519.ppk'' | ||
+ | |||
+ | ==== Creating ssh keys with PuTTYgen ==== | ||
+ | |||
+ | If you don't already have an existing set of //recent-enough// ssh keys, follow the steps below to **create a set of private and public keys**. | ||
+ | |||
+ | Notes: | ||
+ | * by //recent-enough//, we mean ssh keys of type //rsa// and preferably //ed25519// (//dsa// is deprecated) | ||
+ | * extra technical details (that you can probably safely ignore) are available in the official [[https://the.earth.li/~sgtatham/putty/0.78/htmldoc/Chapter8.html#pubkey-puttygen|Using PuTTYgen, the PuTTY key generator]] documentation | ||
+ | |||
+ | Steps: | ||
- | When changing a setting, select a (sub-)category in the left part of the PuTTY Configuration windows, and change the displayed settings in the right part of the window. | + | * Launch the ''PuTTY Key Generator'': ''Start'' => ''PuTTY'' => ''PuTTYgen'' |
- | FIXME | + | * Make sure that the selected //Type of key to generate// (at the bottom of the ''PuTTYgen'' window) is ''EdDSA'' (short for //Edwards-curve DSA//), with the default ''255'' bits.\\ This will generate **//ed25519// keys** that are now recommended on the IPSL servers |
+ | * {{:other:putty_23b.png?direct&500|}} | ||
+ | * You could also use ''RSA'' and ''4096'' bits, but ''ed25519'' keys are now recommended on the IPSL servers | ||
- | * The best way to use PuTTY, is to use it with Pageant: | + | * Click on the ''Generate'' button and move your mouse to generate some random information |
- | * Start Menu => Putty menu => Pageant (this will just put the Pageant icon in the rightmost part of the taskbar, the icon may even me masked) | + | |
- | * Right-click on the Pageant icon and choose: | + | |
- | * **New session** to define a new server you want to connect to | + | |
- | * Recommended settings: FIXME | + | |
- | * **Saved Sessions** to connect to a server | + | |
- | * **Add key** to select a private ssh key and type/store the matching pass phrase (if you have a private ssh key you generated on Linux, you need to convert it with Putty Menu => PuTTYgen) | + | |
- | FIXME | + | * Type your ''Key passphrase'' and confirm it |
+ | * Read [[other:ssh#some_common_sense_advice|Do not forget your passphrase!]] if you need some advice about passphrases | ||
- | ===== Adding and configuring a new session ===== | + | * Click on the ''Save private key'' button, and create an ''id_ed25519**.ppk**'' file |
+ | * Note: files with a ''.ppk'' extension can only be used by ''PuTTY''/''pageant''. That's why you also need to //export// the private key, as shown below | ||
- | ===== Making ssh tunnels with Putty ===== | + | * **Important!** Click ''Conversions''=>''Export OpenSSH Key'' and create an ''id_ed25519'' file (a text file with **no** ''.ppk'' extension) |
+ | * You will not need this file when you use ''PuTTY'', but you may need to use this private key in a standard text format later, on Linux computers/servers | ||
- | ===== Using ssh keys ===== | + | * Open a text editor and create an ''id_ed25519**.pub**'' file |
+ | * Save the content of the ''Public key for pasting into OpenSSH authorized_keys file'' field in the file\\ Something looking like\\ <code>ssh-ed25519 AAAAC3NzaC1lZDI[... lots of characters ...]vwjLNmY eddsa-key-20230310</code> | ||
+ | * Click on the ''Save public key'' button, and create a ''id_ed25519**.pub**'' file | ||
+ | * You will need to [[other:ssh#installing_ssh_keys|install the public key]] on all the remote Linux server that you want to connect to using the ssh agent, instead of typing your password | ||
+ | ==== Using the private key in Pageant ==== | ||
+ | We assume that the **private key file** is available locally in ''<some_disk_different_from_c>:\Users\<your_login>\ssh\'' | ||
+ | * Start ''Pageant'' and open the ''Pageant Key List'' window by: | ||
+ | * Double-clicking (left mouse button) on ''Pageant'' | ||
+ | * Or right-clicking on ''Pageant'' and choosing ''View keys'' | ||
+ | * Click on ''Add Key'', navigate to the directory where you have stored the ''.ppk'' converted private key file (e.g. ''\Users\<your_login>\ssh\''), open it and type your passphrase. You can ''Close'' the ''Pageant Key List'' once the key appears there\\ {{ :other:putty_private.png?direct&300 |}} | ||
+ | * If everything was done correctly, you should now be able to open the //Sessions// defined in ''Pageant'', on remote servers where the **public key matching the private key** used in ''Pageant'' was [[other:ssh#installing_ssh_keys|installed correctly]] | ||
/* standard page footer */ | /* standard page footer */ |