Generating SSH keys on Windows

(see also generating keys on Linux)

There are several SSH clients for Windows, each with a different user interface. Two common ones are F-Secure and PuTTY

F-Secure

F-Secure SSH is a commercial program available from f-secure.com (now WRQ/Attachmate)

A TRIUMF licensed copy is available from desktop apps under "Network Tools"


Under Edit, select Settings then "Generate New Keypair"

Choose "DSA"

Pick a filename which won't conflict when uploaded; maybe something like "joe-lin00".
Add a passphrase, unless you need scripted connections. You can change it later.

Upload the file. You will have to connect first using a password, or you can export the file to a USB memory stick or diskette.

You then need to convert the ssh.com format to OpenSSH format:
cd ~/.ssh2 ; ssh-keygen -i -f MyKey1.pub >$gt; ~/.ssh/authorized_keys2

Now you can connect using PKI. In the connect dialogue, add "Public Key" and move it above Password in the list.

When you connect, you will be prompted for your passphrase.

See management for suggestions for organizing keys.

PuTTY

PuTTY is a free SSH client for Windows, available here. PuTTY is also built into the later versions of the XWin32 X11 client, and is used in the ws_ftp file transfer program.

Run the puttygen program to generate a keypair. Choose SSH2-DSA. (puttygen can also convert keys generated on Linux with openssh).
Pick a passphrase, as above.

You may then copy and paste the OpenSSH key from the text box. Append it to $HOME/.ssh/authorized_keys2 on the server

You should consider restricting the scope of the login by adding a "from" field to the key entry, e.g.
from="some.ubc.ca,some.triumf.ca" ssh-dss AAAAB3NzaC1kc3.....

In the configuration menu, under SSH Auth, select your private key file. Under Session, save your session parameters.

When you log in, you will be prompted for your passphrase.

See management for suggestions for organizing keys.