Monday, 7 April 2008

Installing Putty to connect to a Linux box from Windows

Putty is an implementation of an ssh client for Windows. It allows you to make a secure, encrypted connection to a Linux machine, and optionally to "tunnel" connections between your Windows and Linux machines so that network facilities on one machine can be used from the other one as if they were local.


First, obtain the full putty installer from http://www.chiark.greenend.org.uk/~sgtatham/putty/, and run it. Make sure you get the full installer, not the individual programs.


Now set up your private key - run puttygen, and click the Generate button. This will create a public-private key pair. Add a key comment - usually your email address. Save the key file somewhere safe on your local disk. Also copy the public key string by highlighting it, right clicking, and choosing copy. Email the public key to the administrator of the Linux machine (if that's you, see below!).


Once the administrator has added your public key to the authorized_keys file in the .ssh subdirectory of your home directory on the Linux box, you are ready to log in.


Open putty, and navigate to Connection/SSH/Auth in the tree on the left. Browse to wherever you placed the key file. Go back to Session in the tree. Click Default Settings in the list box, then click Save. That has installed your key as the default key for putty to use.


Now enter your user name and the address of the Linux box under Host Name - e.g. nikki@192.168.1.1. Type a memorable name for the connection in Saved Sessions, and click Save.


Now click the Open button - putty should connect to the Unix box, negotiate a secure connection with it, and present you with a shell window.

Troubleshooting


If the Linux end has not been set up correctly, you will get a password prompt from putty. You can enter your password, but this should not be necessary once everything is set up.


Linux setup


In the user's home directory (usually /home/username), create a directory called .ssh with permissions drwx------:


mkdir .ssh
chmod 700 .ssh

In that directory, create a file called authorized_keys with permissions -rw-r--r--, and place in it a single line containing the public key of the user who want's to log in. If the key was emailed to you, make sure the emailer hasn't word wrapped it into multiple lines. If more than one person wants to log in as this user (or the same person wants to log in from multiple machines), add each public key one per line.


Tunnels


A tunnel connects a port on your machine to a port on the Linux box (Local) or vice versa (Remote). An example of using a tunnel would be to control a MySQL Server on the Linux box from the Windows box using MySql Administrator. You open a tunnel from port 3306 on your Windows machine to 3306 on the Linux box, and MySQL Administrator thinks the MySQL server is running on your Windows machine.


Tunnels are set up in putty under Connection/SSH/Tunnels. Enter 3306 as the source port, and localhost:3306 as the destination port, and click Add. If you always want to do this, you can load your connection on the Session screen, make the change, then save it again.


Hacking SSH


Provided you have a secure login password and keep your private key private, SSH is very secure, except for one little gotcha. Some hackers have scripts which will search machines on the Internet to see if they have port 22 (the SSH port) open. When they find one, they attempt to login using a huge dictionary of login names and passwords. If the passwords on the box are secure, they don't get in. But every failed login attempt is written to a log file, and this can fill up all the disk space!


There are a number of ways to get round this, among which are setting SSH so it does not allow text passwords but insists on a known public-private key pair, and running SSH on a different port number.


If your Linux system administrator uses a different port number, then you need to enter it on the Session page (instead of port 22) before saving your session.

No comments: