Archive for March, 2009

Using Putty on Windows to login Linux securely via OpenSSH


Using Putty on Windows to login Linux securely via OpenSSH

  • Submitted by: Man-wai CHANG
  • Update by: Man-wai CHANG
  • Date Submitted: 31 May 2006
  • Document Version: 1.0
  • Last Updated: Sat, 02 Feb 2008 17:46:43 GMT

This is a guide about using Putty on Windows with OpenSSH on Linux. You would learn about how to:

  • configure OpenSSH on linux side to accept version 2 public-key authentication.
  • create public and private keys with OpenSSH on the linux side,
  • convert OpenSSH keys to Putty format using puttygen.exe at the Window side,
  • use putty.exe to talk to OpenSSH using the converted private key.
      I would assume that you have OpenSSH installed. As per 31-May-2006, the latest version of OpenSSH was 4.3p1. Your Linux distribution may likely use an older version, however.
  • Configuring OpenSSH to accept public-key authentication

    To enable your OpenSSH to accept version 2 public key, you would need to modify /etc/ssh/sshd_config. You could use vi editor (or whatever editor you are familiar with) to uncomment/add/modify the following lines to /etc/ssh/sshd_config:


    # the default SSH port is 22, you could alter it if necessary
    Port 22
    # accept version 2 keys only
    Protocol 2
    # NEVER allow root to login directly over the net
    PermitRootLogin no
    StrictModes yes
    MaxAuthTries 3
    # enable public-key authentication
    RSAAuthentication no
    PubkeyAuthentication yes
    # securing your OpenSSH
    # do not use host-based authentication for security reason
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    IgnoreUserKnownHosts yes
    PermitEmptyPassword no
    # do not allow telnet-type login for security reason
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    X11Forwarding yes
    X11DisplayOffset 10

    After you have made changes to /etc/ssh/sshd_config, you would need to restart the OpenSSH daemon by executing `/etc/init.d/ssh restart` (on Ubuntu).

    Generating OpenSSH private and public key pair

    To use public key authentication, the first step is to generate a pair of private and public keys on the Linux side. I would assume that you login as a user called “toylet”.

    1. Login Linux as user "toylet". You could do it at the Linux console
       or via telnet.
    2. Execute `ssh-keygen -t rsa` to generate a version 2 public
       and private key pair into directory /home/user/.ssh.
       The passphrase is optional (but preferred).
    toylet@server:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/toylet/.ssh/id_rsa):
    /home/toylet/.ssh/id_rsa already exists.
    Overwrite (y/n)? y
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/toylet/.ssh/id_rsa.
    Your public key has been saved in /home/toylet/.ssh/
    The key fingerprint is:
    ec:f4:3f:b5:fe:2f:de:22:6c:42:8c:38:ad:6c:5e:96 toylet@server
    3. Execute `cd /home/toylet/.ssh`
    4. You should see 2 files: id_rsa and
       Now execute the following command:
       cp authorized_keys
    5. Copy /home/toylet/.ssh/id_rsa from Linux to Windows.

    Converting the OpenSSH private key to Putty format

    Next, we head to the Windows side. In step 4, you created two key files (id_rsa and Putty cannot directly open OpenSSH keys. We need to convert id_rsa to id_rsa.ppk using a program called puttygen.exe.

    6. At the Windows side, download puttygen.exe from Putty website.
    7. Execute puttygen.exe

    8. Click File->Load Private Key, load the file "id_rsa" from Step 5.
       Enter the passphrase if you used it in step 2.

    9. Now the key has been loaded as in the figure above.
       Hit the button "Save private key".
       The converted key would be saved as "id_rsa.ppk".

    Logging in Openssh using id_rsa.ppk

    Download putty.exe from Putty website. It’s time to really login OpenSSH using putty.exe on Windows side. The steps here would be a little bit more complicated.

    10. Invoke putty.exe
    10.1. Click "Session" in the sidebar.

    10.1.1. Enter ip address of your server (e.g.,
    10.1.2. Click "SSH" in the Protocol option
    10.2. Choose "SSH" under "Connection" in the sidebar

    10.2.1. In "Preferred SSH protocol version", select "2 only"
    10.2.2. click "Auth" under "SSH" Hit the Browse button, select the file "id_rsa.ppk" from Step 9.
    10.3. hit "Session" again in step 10.1

    10.3.1. Enter a name (e.g. "toylet.session") in the textbox directly
            under "Saved Sessions".
    10.3.2. Hit the "Save" button. The name "toylet.session" would appear in
            the listbox of "Saved Sessions".

    10.4. Double-click "toylet.session". Now you would be presented
          with a login screen for OpenSSH.
    10.4.1. Enter the linux user name "toylet"
    10.4.2. Enter the passphrase if you specified it in step 2.
    Login as: toylet
    Authenticating with public key "imported-openssh-key"
    Passphrase for key "imported-openssh-key":
    Last login: Wed May 31 12:35:00 2006 from
    11. You have successfully logged into your Linux server via OpenSSH.


    • You should change both your private and public keys periodically by repeating the steps above.
    • You may disable the telnet daemon foreever since telnet doesn’t encrypt the connection, allowing eavedropping easily.

    No Comments

    Photo Album 首頁整好喇~~


    Sorry 啊 , no next time~

    No Comments

    SharePoint Object Model Performance Considerations


    No Comments

    MySQL-Front, a good client for managing MySQL Server for Windows

    MySQL-Front version 5.1

    Data Browser Screenshot of MySQL-Front shows an easy to use GUI implementation of a MySQL Table viewing and editingMySQL-Front is a graphical GUI for the MySQL database. Because it is a “real” application, it can offer a more refined user-interface than is possible with systems built on PHP and HTML. Response is immediate, as there is no delay of reloading HTML-pages.

    As a Windows GUI application, it has total control of the graphic display, information can be presented as clearly as possible. Your data is presented in a table with resizable column-widths and sorting capability.

    If your provider allows it, MySQL-Front can make direct contact with the database. Otherwise, only one small script needs to be installed on the publishing website. Login information (and passwords if wanted) are stored on your hard disk, so you no longer have to log on to different web interfaces.

    MySQL-Front presents a uniform front-end for all of your current database projects. In practice, you can work with the database of your choice after only a few clicks.

    Object Browser Sreenshot of MySQL-Front shows an easy to use GUI implementation of the table structure a MySQL databaseDefining and managing the database-structure, importing data, editing data is now simple with this full-featured program. For designers with only a basic grasp of databases, this program is the way to go to make you independent of SQL gurus.

    MySQL-Front makes working with MySQL databases a snap without hiding the language from the user. The built-in SQL Editor provides syntax highlighting and context sensitive help, so even working with SQL commands and scripts will be a matter of convenience.

    No Comments for Excel File

    String ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" +
    @"Data Source=<strong>BusinessCard.xls</strong>;" +
    "Extended Properties='Excel 8.0;HDR=Yes;'";
    // the string in bold is the excel file name
    DbProviderFactory factory = DbProviderFactories.GetFactory("System.Data.OleDb");
    using (DbConnection connection = factory.CreateConnection())
    connection.ConnectionString = ConnectionString;
    using (DbCommand command = connection.CreateCommand())
    command.CommandText = "SELECT * FROM [<strong>Sheet1</strong>$]";
    //the string in bold is the sheet name
    using (DbDataReader dr = command.ExecuteReader())
    //do sth...

    No Comments


    Set JAVA_HOME / PATH for single user

    Login to your account and open .bash_profile file
    $ vi ~/.bash_profile
    Set JAVA_HOME as follows using syntax export JAVA_HOME=<path-to-java>. If your path is set to /usr/java/jdk1.5.0_07/bin/java, set it as follows:
    export JAVA_HOME=/usr/java/jdk1.5.0_07/bin/java
    Set PATH as follows:
    export PATH=$PATH:/usr/java/jdk1.5.0_07/bin
    Save and close the file. Just logout and login back to see new changes:
    $ echo $JAVA_HOME
    $ echo $PATH

    Tip: Use the following command to find out exact path to which java executable under UNIX / Linux:
    $ which java

    Please note that the file ~/.bashrc is similar, with the exception that ~/.bash_profile runs only for Bash login shells and .bashrc runs for every new Bash shell.

    Set JAVA_HOME / PATH for all user

    You need to setup global config in /etc/profile OR /etc/bash.bashrc file for all users:
    # vi /etc/profile
    Next setup PATH / JAVA_PATH variables as follows:
    export PATH=$PATH:/usr/java/jdk1.5.0_07/bin
    export PATH=$PATH:/usr/java/jdk1.5.0_07/bin

    Save and close the file.

    No Comments