This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
other:putty_conf [2022/08/08 15:51] jypeter Updated link to X server page |
other:putty_conf [2023/03/15 13:53] jypeter [Using ssh keys] More wise advice |
||
---|---|---|---|
Line 54: | Line 54: | ||
* Specify your login name (on the LSCE servers) in **Auto-login username**. This way you won't have to type it when you connect to the Linux server!\\ {{ :other:putty_06.png?direct |}} | * Specify your login name (on the LSCE servers) in **Auto-login username**. This way you won't have to type it when you connect to the Linux server!\\ {{ :other:putty_06.png?direct |}} | ||
* In the ''Connection'' => ''SSH'' => ''Kex'' category: | * In the ''Connection'' => ''SSH'' => ''Kex'' category: | ||
- | * **<wrap hi>Unselect Attempt GSAPPI key exchange</wrap>**!\\ If you forget to do this, connecting to a server will seem to take forever (if it works at all)...\\ {{ :other:putty_gssapi.png?direct |}} | + | * **<wrap hi>Unselect Attempt GSSAPI key exchange</wrap>**!\\ If you forget to do this, connecting to a server will seem to take forever (if it works at all)...\\ {{ :other:putty_gssapi.png?direct |}} |
* In the ''Connection'' => ''SSH'' => ''Auth'' category: | * In the ''Connection'' => ''SSH'' => ''Auth'' category: | ||
* Select **Allow agent forwarding**. This is the same as [[/other:ssh#standard_usage|using ssh with the -A option]]\\ {{ :other:putty_07.png?direct |}} | * Select **Allow agent forwarding**. This is the same as [[/other:ssh#standard_usage|using ssh with the -A option]]\\ {{ :other:putty_07.png?direct |}} | ||
* In the ''Connection'' => ''SSH'' => ''X11'' category: | * In the ''Connection'' => ''SSH'' => ''X11'' category: | ||
- | * Select **Enable X11 forwarding**. This is the same as [[/other:ssh#standard_usage|using ssh with the -X option]]\\ {{ :other:putty_08.png?direct |}} | + | * Select **Enable X11 forwarding**. This is the same as [[/other:ssh#standard_usage|using ssh with the -X option]]\\ Note: remember that you will also need an [[other:x_conf|X server running]] in order to display graphics!\\ {{ :other:putty_08.png?direct |}} |
* When you have finished updating the settings, **do not forget to go back to ''Category'' => ''Session'' and Save the session**!\\ {{ :other:putty_09.png?direct |}} | * When you have finished updating the settings, **do not forget to go back to ''Category'' => ''Session'' and Save the session**!\\ {{ :other:putty_09.png?direct |}} | ||
Line 120: | Line 120: | ||
<WRAP center round important 80%> | <WRAP center round important 80%> | ||
* **Do not lose** the (existing) ssh keys files you have, or the keys that you will create | * **Do not lose** the (existing) ssh keys files you have, or the keys that you will create | ||
- | * It's a very good idea to **keep a copy of these files** on another computer! | + | * It is recommended to **keep a copy of these files** on another computer! |
* **Do not forget** the passphrase that will be used to unlock the private key | * **Do not forget** the passphrase that will be used to unlock the private key | ||
+ | * If you save the passphrase in a file, **do not** put this file in the same place as the ssh keys | ||
+ | * Read [[other:ssh#some_common_sense_advice|Do not forget your passphrase!]] if you need some advice about passphrases | ||
- | * If you save the passphrase in a file, **do not** put this file in the same place as the ssh keys | + | * The best thing to do is probably to **keep the keys in the standard [[other:ssh#configuration_files|ssh configuration directory]]**! |
- | + | ||
- | * Easiest thing to do is probably to store the key files in an ''ssh'' sub-directory somewhere | + | |
- | * We assume below that they keys are in a sub-directory of your [[other:win10config#the_most_important_folders|local HOME FOLDER]]\\ \\ <some_disk_different_from_c>:\Users\<your_login>\ssh\ | + | |
</WRAP> | </WRAP> | ||
Line 142: | Line 141: | ||
==== Creating ssh keys with PuTTYgen ==== | ==== Creating ssh keys with PuTTYgen ==== | ||
- | If you don't have a set of ssh keys, follow the steps below to **create private and public keys** | + | If you don't already have an existing set of //recent-enough// ssh keys, follow the steps below to **create a set of private and public keys**. |
+ | |||
+ | Notes: | ||
+ | * by //recent-enough//, we mean ssh keys of type //rsa// and preferably //ed25519// (//dsa// is deprecated) | ||
+ | * extra technical details (that you can probably safely ignore) are available in the official [[https://the.earth.li/~sgtatham/putty/0.78/htmldoc/Chapter8.html#pubkey-puttygen|Using PuTTYgen, the PuTTY key generator]] documentation | ||
- | * Make sure that the type of key (at the bottom of the ''PuTTYgen'' window) is ''RSA'' and that the number of bits is ''4096'' | + | Steps: |
+ | * Make sure that the selected //Type of key to generate// (at the bottom of the ''PuTTYgen'' window) is ''EdDSA'' (short for //Edwards-curve DSA//), with the default ''255'' bits.\\ This will generate **//ed25519// keys** that are now recommended on the IPSL servers | ||
+ | * {{:other:putty_23b.png?direct&500|}} | ||
+ | * You could also use ''RSA'' and ''4096'' bits, but ''ed25519'' keys are now recommended on the IPSL servers | ||
* Click on the ''Generate'' button and move your mouse to generate some random information | * Click on the ''Generate'' button and move your mouse to generate some random information | ||
* Type your ''Key passphrase'' and confirm it | * Type your ''Key passphrase'' and confirm it | ||
- | * Click on the ''Save private key'' button, and create a ''id_rsa.ppk'' file (or ''any_name_you_want.ppk'')\\ {{ :other:putty_23.png?direct&400 |}} | + | * Read [[other:ssh#some_common_sense_advice|Do not forget your passphrase!]] if you need some advice about passphrases |
- | * Click on the ''Save public key'' button, and create a ''id_rsa.pub'' file | + | * Click on the ''Save private key'' button, and create an ''id_ed25519**.ppk**'' file |
+ | * Note: files with a ''.ppk'' extension can only be used by ''PuTTY''/''pageant''. That's why you also need to //export// the private key, as shown below | ||
+ | * **Important!** Click ''Conversions''=>''Export OpenSSH Key'' and create an ''id_ed25519'' file (a text file with **no** ''.ppk'' extension) | ||
+ | * You will not need this file when you use ''PuTTY'', but you may need to use this private key in a standard text format later, on Linux computers/servers | ||
+ | * Open a text editor and create an ''id_ed25519**.pub**'' file | ||
+ | * Save the content of the ''Public key for pasting into OpenSSH authorized_keys file'' field in the file\\ Something looking like\\ <code>ssh-ed25519 AAAAC3NzaC1lZDI[... lots of characters ...]vwjLNmY eddsa-key-20230310</code> | ||
+ | * Click on the ''Save public key'' button, and create a ''id_ed25519**.pub**'' file | ||
* You will need to [[other:ssh#installing_ssh_keys|install the public key]] on all the remote Linux server that you want to connect to using the ssh agent, instead of typing your password | * You will need to [[other:ssh#installing_ssh_keys|install the public key]] on all the remote Linux server that you want to connect to using the ssh agent, instead of typing your password | ||
- | * Click on ''Conversions''=>''Export OpenSSH key'', and create a (standard) ''id_rsa'' file\\ You will not need this file with Putty, but it is just in case you need to use your private key later on a Linux computer | ||
==== Using the private key in Pageant ==== | ==== Using the private key in Pageant ==== |