SSH without password using Putty

SSH Protocol

SSH (Secure Shell) is a network protocol that provides secure access to a computer (mostly Unix based).  When you want to connect to a remote Unix server, SSH is one way of accessing the server. SSH is very powerful by combining both security of the data transmitted over network and accessibility to the remote system. SSH protocol works between two computers by a client-server architecture. When a client computer connects to the server, the server requires the client to authenticate itself. There are different ways a client can authenticate itself to the server. A typical authentication mode will be to enter a password when logging into a remote system. In this howto we can explore another mode of authentication in which server doesn’t require a password to be entered by the user. This mode will be very useful if you are connecting to a remote system frequently and dont want to enter the password everytime.

Before we see the steps, just to give a background on the components involved:

SSH SERVER

When you need to connect to a remote computer via SSH, that computer should have a SSH server running on it. All Unix based distributions ( Linux, Mac OSX etc.,) includes a ssh server. For Windows based systems Cygwin can be used as an SSH server.

SSH CLIENT

Assuming your remote computer has an SSH server running on it, to connect to that computer you would need a SSH client on the local computer. On Unix based systems, SSH clients are available as command line utilities. For Windows based systems, putty is an excellent client. Check here for more information about putty.

CONFIGURATION

  1. We start the configuration at the client windows computer. Download the latest version of Putty.exe and Puttygen.exe from here. Using the Puttygen tool we have to generate an authentication key. This key will serve as a substitute for the password that will be entered during login.
  2. Start puttygen.exe by double clicking on the executable. The following window opens up.

    puttygen window

    Puttygen Window

  3. Leave the default ‘SSH-2 RSA’ selection and click on the ‘Generate’ button. The following window opens. Move mouse randomly over the empty space below the progress bar to create some randomness in the generated key.

    RSA key generation by Puttygen

    RSA key generation by Puttygen

  4. Don’t enter any key phrase. Click on ‘Save private Key’ button. Click ‘Yes’ on the window asking for confirmation for saving the key without a password.

    Key generated successfully

    Key generated successfully

  5. Save the key file to a safe location (Let us assume you will be saving it as C:\Personal\SSHKey\Laptop.ppk).
  6. Now you can close the Puttygen window.
  7. Open the Laptop.ppk file in a notepad. Copy the four lines under ‘Public-Lines’ section to windows clipboard.

    Copy Public Key Section

    Copy Public Key Section

  8. Now open putty and connect to the remote system using the user id you want to use for future no password connections. (Let us assume you will connect to the remote machine using user name ‘ubu’. This time when you login, you have to provide the password at the prompt. Future logins won’t require this password.
  9. Under the logged in user’s  home directory there will be .ssh directory, under that create a new  file called authorized_keys using a text editor such as vi. (In our case the file will be created under /home/ubu/.ssh/authorized_keys).
  10. Type the word ” ssh-rsa ” (including  spaces on both ends of the word) and paste the 4 lines copied from step 7. Remove the carriage return at end of each line, merging four lines into one single line. Be careful not to delete any characters while doing that.  Final output should like the following window.

    Add generated key to remote system

    Add generated key to remote system

  11. Save the file and quit the text editor. Assign rw permissions only for the owner. $ chmod 600 ~/.ssh/authorized_keys.

    Set file permissions

    Set file permissions

  12. Now we have configured SSH server, its time to test our setup.
  13. On the local system, open Putty, enter the ip address details of the remote system.
  14. Now from the left navigation, select Connection -> Data. Enter ‘ubu’ as ‘Auto-login username’ on the right panel.

    Enter User name on Putty

    Enter User name on Putty

  15. Again from the left navigation menu, scroll down and select Connection -> SSH -> Auth. Enter the path of the saved private key file ( In our case C:\Personal\SSHKey\Laptop.ppk ). Leave other defaults as such and press open button.

    Specify key file location

    Specify key file location

  16. Now the putty connects to the remote SSH server and there won’t be any password prompt here after :-) .

    No Password Connection

    No Password Connection

Caution
SSH is a powerful tool and relies on password as a security. We just bypassed that security for sake of convenience. If a hacker get holds of the private key we generated, it allows a free access to your systems. So use this technique with care.

30 Responses

  1. Bob says:

    Great post just what i needed .. thanks a million ..

  2. David says:

    Very Nice, thank you very much!

  3. Vidya says:

    It dint work for me :(
    I am loggin on to Solaris machine, but it asks me password.

  4. James says:

    An easier (and more effective) way to get the data needed on the remote (Linux / server) system for the authorized_keys file is to simply copy the data presented at the top of the PuttyGen window. PuttyGen understands the format of data needed for authorized_keys and generates exactly what you need to paste in.

    So, instead of doing step 7, before you close PuttyGen, simply copy the data from the box at the top of the window labeled “Public key for pasting into OpenSSH authorized_keys file:”. The easiest way to do this is to hit Alt-P (selects the data in this box) and then Control-C (copies the data).

    Now proceed with step 8. Note that the data you copied is already on one line (no need to delete returns) and already has the appropriate ‘ssh-rsa ‘ on the front. In particular note that you do NOT! need a space on the front of this line. Just paste exactly what you copied into the authorized_keys file on your target server (if you have a putty connection, as suggested, you can simply right-click in the putty window to paste the clipboard) and save it out.

    I hope that makes it easier for people to get this working.

    Thanks,

    - James

  5. Venkat says:

    Very useful, thanks a lot !

  6. janos ujvari says:

    Thanks a lot. It is very helpful and easy to follow.

    janos @27.01.2010, Szabadka

  7. Maxe says:

    I wish every how-to on the web was like this one. THANKS!

  8. Bejoy says:

    This works very well. Thanks a lot. James post also worked for me. Earlier it wasn’t working for me as I was using the old version of putty. But now it works perfect. I even converted using 2048 bits, for more security, and it works perfectly.

  9. Sameer says:

    It asks me password.

    NOT WORKING for me.

  10. David says:

    I’m having difficulty at step 8.

  11. Anamaria says:

    NOT WORKING for me either. It prompts me to enter a password. Was anyone able to work around this issue?

  12. Swig says:

    DOES NOT WORK. Prompts for password. Tried on 3 different servers. Anyone have a solution?

  13. ted smith says:

    Sweet and simple. Thanks.
    -Voicer.

  14. vishal says:

    Thanks a lot!!!

  15. Kang Chen says:

    It works. Thanks . :)

  16. Teemu Harju says:

    Does work – great thanks!!

  17. bellycore says:

    great help. Very usefull

  18. Thomas says:

    Worked like a charm. I have several sessions saved and you have to click “load” for each one. Then, after doing the steps, click “Session” at the top and remember to click “save”. Now it will be there every time you start PuTTY. Thanks!

  19. jing kang says:

    need change config on sshd
    sshd_config

    PermitRootLogin yes –> PermitRootLogin without-password

    StrictModes no

    PubkeyAuthentication yes

    AuthorizedKeysFile .ssh/authorized_keys

    chmod 700 /root/.ssh

    chmod 600 /root/.ssh/authorized_keys

    restorecon -R -v /root/.ssh

  20. John Doe says:

    Thanks a lot! Simple and very usefull.

  21. Dave Henderson says:

    Partially working for me, after following the instructions carefully when I connect, I no longer get user/pass request. It automatically says “using username xxx”

    But is then says using public key “xyz”

    And it then asks for the key

    So I still have to enter something, was the password, now the key. Did not actually save anything.

    Too bad, I had high hopes for this.

  22. Dave Henderson says:

    Third try it worked.

  23. Mark Hahn says:

    PLEASE BE CAREFUL. using PK this way is the moral equivalent of putting your password into a file. which you shouldn’t be doing, of course. how sure are you that no one can get to that private key? it’s text, so anyone could be on your laptop for 10 seconds and paste it onto the web somewhere (not to mention USB keys, twitter, network shares, etc).

    the ideal way to use PK is with *encrypted* private keys – you provide a passphrase to an ssh agent once, and it holds onto it for a while, wallet-like. but not permanently, and you can usually set timeouts, etc. the private key on disk is simply encrypted with your passphrase, so someone casually stealing it will gain little.

    even if you don’t want to use an agent and passphrase-encrypt your key, you can AT LEAST configure the remote host to minimize danger. openssh, the most widespread server-side implementation, has a reasonably expressive set of constraints associated with each key. you can, for instance, only permit that key to be used from particular IPs, hostnames, or even for only a specific command. (the latter sounds strange, but is *perfect* for uses like backup, since it means that the key can only perform a backup, can’t get a shell – with a little care, can’t be used for anything destructive.)

    in short: do not follow this recipe without thinking.

  24. toto says:

    thank for sharing this ssh tutorial

  25. Kaustubh Ghanekar says:

    Perfect.

  26. Gangadhar says:

    Excellent stuff……..

  27. SRIKANTH says:

    i forget putty password how i remember it plz help me anyone?

  28. TerryMullins says:

    On my CentOS system I had to create the authkeys file in a different place with a different name – look in /etc/ssh/sshd_config for AuthorizedKeysFile – mine was /etc/ssh/auth_keys/%u meaning it’s different for each userid. I created the file my-user-id there, put in the key, and then it worked! If you put a space then a name on the end of the line in the key file, putty will say Authenticating with public key “xx” and tell you what key it used.

Leave a Reply