First of all the ssh key has to be generated with puttygen. Unfortunately the generated public key format is not 100% compatible with OpenSSH. Therefore the public keys

has to be modified in some way before it can be used on a OpenVPN server.
Invoke puttygen and generated key:
  1. Start puttygen on the windows client. Select ssh-2 RSA and set number of bits in generated key to 2048.
  2. Click Generate
  3. Save the generated key and save public and private keys in C:\Program Files\putty as id_rsa and id_rsa_priv.ppk.
Update of putty public keys for OpenSSH:
  1. Open a console window and copy the putty public files id_rsa in id_rsa_linux with command copy id_rsa id_rsa_linux
  2. Now edit with a windows editor file id_rsa_linux carefuly: Delete the first two lines and the last line. Now combine all lines in one line. Attention! No spaces should be created. FInally Schluss add ssh-rsa  in front of the line. Attention: There is one space at the end of ssh-rsa and the line should start with ssh-rsa AAAAB3.
Copy public keys to the server and add key to authorized_keys file
  1. Open a command window and call  C:\Program Files\putty>pscp id_rsa_linux framp@obelix:id_rsa. This copies the linux public key in the home directory of user framp.
  2. Call C:\Program Files\putty>putty framp@obelix:id_rsa. THis opens a command window on the server.
  3. mkdir .ssh creates the .ssh directory if it doesn't exist already.
  4. cat id_rsa >> .ssh/authorized_keys IMPORTANT ! use  >>  !!! Otherwise existing entries will be deleted.
Start putty  and use ssh key:
  1. Select connection -> ssh -> auth and select the generated private key (id_rsa.ppk)
  2. session: Enter sshd hostname
  3. Connection -> Data: Enter auto login username
  4. session: Enter in Saved session a session name
  5. Save
  6. Now open
Voila - you now logged on with ssh and a key. No password  is required any more. If there are problems to log on that's because the sshd configuration is not correct. In sshd_config you have to have following settings:

PubkeyAuthentication yes
RSAAuthentication no
PermitRootLogin yes
When you succesfully tested the access with putty and key you have to turn off password authentication with

PermitRootLogin no

and now there is no access possible any more without key.

To be on the safe side check your sshd_conf whether it's conform How to protect a ssh server from internet attacks

Attention: Save your private key at a secure place.

Add comment

Spam Kommentare sind sinnlos denn sie werden nicht publiziert. Sie werden vor der Publizierung auf Spam geprüft. Deshalb kann es aber etwas dauern bis ein Kommentar sichtbar wird.
Die eMail ist optional und nicht öffentlich sichtbar Sie wird u.U. genutzt um offline zu kommunizieren

Spam comments are useless because they will not be published. Before they are published they are checked for spam. Therefore it may take some time until the comment is published.
eMail is optional and hidden and may be used to contact you offline