Adding Public / Private Key Authentication

Now we are going to change the server login process so that it can be run automatically for use in scripts and scheduled tasks.

Download PuTTYgen, which we will use to generate our keys. Load it up, click on Generate and then wiggle the cursor over the blank area until the progress bar finishes. This will generate two keys (Figure 2). The Public one is put onto the server and it doesn't really matter who sees it. The Private one should be kept secure because whoever has the Private key can use it to log into your server without using a password!

Figure 2: Using PuTTYgen to generate Public and Private keys

Add a comment to the key if you wish, and then click Save private key. Answer Yes to saving the key without a passphrase and save it somewhere safe with a meaningful name. Also, as I first didn't realize and took a good deal of hair-pulling to find out, PuTTY and OpenSSH have different format private keys. Since we will be using the OpenSSH client with rsync, click Conversions-> Export OpenSSH Key and save that too. Don't worry about saving the Public key in a different format.

Now in the .ssh directory that was created above (in C:\Program Files\cwRsyncServer\home\kevin), there should be a file called authorized_keys. Open this in WordPad and paste the contents of the big text-box at the top of PuTTYgen into the file. It should paste onto a single line. Save and close the file, and close PuTTYgen.

Now in PuTTY, we will now try to connect using the key instead of the password. Enter localhost and 443 as before, but now add two more options. Click Connection and change the Auto-login username to be the one you created previously. (Figure 3)

Figure 3: Entering the Auto-login username in PuTTY

Then expand the SSH branch and click Auth. In the Private key file for authentication enter the location of the file you saved in the previous step (Figure 4).

Figure 4: Entering the Private key file location in PuTTY

Now when you click Connect, PuTTY should connect without asking for a username or password. Neat eh? As you now see, anyone with your private key can log into the server, so keep it very safe.

We now have a automatic secure connection to a remote server. Now, it's time to do something with that connection!

Tags: Backup, NAS, rsync,

Related Articles: