Do you have the need to work with SSH keys from Windows and you find that this becomes a hassle very quickly?
HTG goes into how to make the process as transparent as possible, using The PuTTY package suite.

Image by kaneda99.


In this guide we’ll explain how to SSH to a Linux machine from Windows with your public key, using Putty & Winscp. In addition, we will enable the forwarding option. This will allow you to continue to jump from the machine you’ve connected to with your key, to another machine that supports SSHing with keys. We will not go into how to put your public key on the Linux machine, as we have already covered this topic.

Install basic programs/packages

  • Obtain the PuTTY package (not just the executable) and install it.
  • Optionally obtain the programs WinSCP and mRemote, and install them.

Generate a Key pair

If you haven’t created a key pair yet, and you want to do it from the comfort of your Windows desktop, you can use “PuTTY Key Generator” which was installed as part of the “PuTTY package“:

  • Open “PuTTY Key Generator” by going into “Start” -> “PuTTY” -> “PuTTYgen”
  • While not required, it is recommended that you change the length of your key from the default 1024. Change the number of “bits” at the bottom from “1024” to “4096”.
  • Click “Generate” and move your mouse around randomly until the bar reaches 100%. This “salts” your key, so try to make your mouse movements as random as possible.
  • Once the program is done generating the key,
  • On the “Key Comment” line, change it to be something more useful like your name. For example:
  • While not required, it is highly recommended that you set a passphrase on the private key. This will protect your private key in case some one gains access to it and you will only be bothered with entering once at machine boot up, if you perform all the steps in the guide.
  • Click on “Save private key”.
Note: If you already have a saved private key, you can “extract” the public portion by “load”ing it with the generator.

Configuring the Key-quartermaster

The “Pageant” program that was installed as part of the PuTTY package, can store your key/s and give them to mRemote, WinSCP and PuTTY as required.

  • Open “Pageant” from the start menu. (Note: it may run off to the system tray)
  • If it has run off to the system tray, double click it, to bring up the main window.
  • Click “Add Key” and give it your saved Key Pair.
  • If need be, provide the passphrase.

Done, from now on, Putty, WinSCP and any program that serves as a fronted for them (like mRemote) will first consult with the Pageant program if there is a key to use for the connection.

Loading Keys automatically at startup (Optional)

The process above needs to be repeated after every machine reboot, as Pageant doesn’t save loaded key configurations. To have it load the configuration automatically at startup, you can use one of the two methods below:

  1. Assuming you’ve allowed Pageant to take over the ppk suffix, you should be able to simply add the key files to the Windows “startup” folder.
  2. Create a shortcut to the program that passes the key-files as parameters.  For example, the “Target” command for two(2) keys would look like:

    “C:\Program Files (x86)\PuTTY\pageant.exe” “C:\Users\AviadR\Documents\aviad’s 4096.ppk”  “C:\Users\AviadR\Documents\aviad’s 1024.ppk
  • Then, add this shortcut to window’s startup.

RELATED: What is SSH Agent Forwarding and How Do You Use It?

Enable SSH Agent forwarding (PuTTY/mRemote)

This configuration is optional, but doing it will allow you once you’ve SSHed into a machine to continue and SSH from it, to the next machine, with the same key. To do this:

  • Open PuTTY.
  • Under “Connection” -> “SSH” -> “Auth”.
  • Check the “Allow agent forwarding“.
  • Go back to “Session”
  • Select the “Default Settings” entry.
  • Click on “Save”.
  • Done.

Enable SSH Agent forwarding (WinSCP)

Note: for more on this topic, please read our guide on SSH agent forwarding.

  • In a WinSCP new connection tab, Enable the Advance options checkbox.
  • Go to the “SSH” -> “Authentication”.
  • Check the “Allow agent forwarding” checkbox.
  • Go to the “General Options” by clicking on “Preferences” -> “Preferences”.
  • Enable Putty to be invoked with the  forwarding option by going into “Integration” -> “Application” and appending the “-A” CLI option.
  • You can now make this the template for subsequent connections by going back to “Session” and typing in, the basic information that you know will be uniform across all connections (if any), like Username, IP, Etc’. Then “save” the session.

RELATED: What Is a PEM File and How Do You Use It?

Author’s Notes
While purists, will say that any serious SSHing, should be done from a Linux machine, the reality is that Ubuntu’s bug #1 “Microsoft has a majority desktop market share”, still holds true. maybe one day we’ll move to the Linux desktop completely, but that day will not be today and not for the 35 year old shell.

Spike: So i guess i served my time and i’m free to go?
SoundWave: Free to go, to Cybertron…