First of all the ssh key has to be generated with puttygen. Unfortunately the generated public key format is not 100% compatible with OpenSSH. Therefore the public keys

has to be modified in some way before it can be used on a OpenVPN server.
 
Invoke puttygen and generated key:
  1. Start puttygen on the windows client. Select ssh-2 RSA and set number of bits in generated key to 2048.
  2. Click Generate
  3. Save the generated key and save public and private keys in C:\Program Files\putty as id_rsa and id_rsa_priv.ppk.
Update of putty public keys for OpenSSH:
  1. Open a console window and copy the putty public files id_rsa in id_rsa_linux with command copy id_rsa id_rsa_linux
  2. Now edit with a windows editor file id_rsa_linux carefuly: Delete the first two lines and the last line. Now combine all lines in one line. Attention! No spaces should be created. FInally Schluss add ssh-rsa  in front of the line. Attention: There is one space at the end of ssh-rsa and the line should start with ssh-rsa AAAAB3.
Copy public keys to the server and add key to authorized_keys file
  1. Open a command window and call  C:\Program Files\putty>pscp id_rsa_linux framp@obelix:id_rsa. This copies the linux public key in the home directory of user framp.
  2. Call C:\Program Files\putty>putty framp@obelix:id_rsa. THis opens a command window on the server.
  3. mkdir .ssh creates the .ssh directory if it doesn't exist already.
  4. cat id_rsa >> .ssh/authorized_keys IMPORTANT ! use  >>  !!! Otherwise existing entries will be deleted.
Start putty  and use ssh key:
  1. Select connection -> ssh -> auth and select the generated private key (id_rsa.ppk)
  2. session: Enter sshd hostname
  3. Connection -> Data: Enter auto login username
  4. session: Enter in Saved session a session name
  5. Save
  6. Now open
Voila - you now logged on with ssh and a key. No password  is required any more. If there are problems to log on that's because the sshd configuration is not correct. In sshd_config you have to have following settings:

PubkeyAuthentication yes
RSAAuthentication no
PermitRootLogin yes
When you succesfully tested the access with putty and key you have to turn off password authentication with

PermitRootLogin no

and now there is no access possible any more without key.

To be on the safe side check your sshd_conf whether it's conform How to protect a ssh server from internet attacks

Attention: Save your private key at a secure place.

Add comment

Spam Kommentare sind sinnlos !
Vor der Publizierung wird jeder Beitrag auf Spam geprüft. Leider dauert es deswegen bis ein Kommentar sichtbar wird. Dafür erhält aber kein Subscriber Spam eMails.
Die eMail ist optional und nicht öffentlich sichtbar. Sie ist notwendig um eMail Benachrichtigungen zu Antworten auf Kommentare zu erhalten und wird u.U. genutzt um offline zu kommunizieren.

Spam comments are useless !
Any comment will be reviewed first and checked for spam. Unfortunately this delays the publishing of comments but will protect subscribers from spam.
eMail is optional and hidden and is required get update notifications for any comments and may be used to contact you offline