Efficient PuTTY workflow / configuration

4

PuTTY is a fine SSH client, but how do you get a workflow managed as slickly as OpenSSH on Unix? My issues with PuTTY's management are:

  1. PuTTY tools are not in my PATH (easily fixable)
  2. PuTTY seems to have no equivalent of ~/.ssh, so I end up having to manually choose locations for my keypairs, and then manually tell all the tools where to find them every time
  3. The private key's read permissions seem lax (I might be wrong about this, I am a klutz on Windows).
  4. Pageant doesn't run by default (easily fixable?)
  5. Other programs don't reliably find pageant

I suspect all of these problems can be fixed if I just set my system up properly, and/or organise a nice workflow that fits into PuTTY's way of doing things. So can anyone share some success stories about managing PuTTY?

Adrian Ratnapala

Posted 2012-01-05T02:58:31.940

Reputation: 458

Doesn't PuTTY save your keypairs under c:\users\USERNAME\.ssh? It does on my Windows 7 machine. – kobaltz – 2012-01-05T04:53:44.400

@kobaltz, only if the user tells it to. There is no default location. – user1686 – 2012-01-05T09:56:34.070

1

An alternative you might want to consider is Cygwin with its openssh package and PuTTY-derived but more xterm-compatible default terminal. Admittedly that's a lot heavier than PuTTY though if all you need is ssh.

– ak2 – 2012-01-05T10:34:56.547

It's true that c:\users\USERNAME\.ssh is not a default for saving. But it would be nice if tools will look there by default when they need to read a key. Does this happen? – Adrian Ratnapala – 2012-01-08T05:25:34.950

Answers

2

1 is, as you said, easily fixable.

For 2, both OpenSSH and PuTTY have a concept of an "agent" - a background process holding your keys in memory. For OpenSSH this is ssh-agent, and PuTTY comes with Pageant. In both cases, the keys can be loaded once - usually at login time - after which the SSH client will simply ask the agent to sign the authentication data, without needing the location of the actual key.

The obvious advantage is not needing to re-enter the key's password every single connection, but there is more to it - both clients support agent forwarding, where you can connect to a (relatively trusted) machine and use the local agent remotely (for example, you can connect from local to hostX, from hostX to hostY, from hostY to hostZ), and the key will never leave your local machine.

3 is not a critical problem since Windows user profiles are not publicly accessible by default (I may be wrong here; will check later). Besides, your key is password-protected while on disk, and the permissions can be easily changed.

4 - just copy Pageant's shortcut into the Startup folder in Start Menu - Programs. (Alternatively, point the shortcut to your key file, to have it loaded on login.)

As for 5, cannot reproduce - I've used PuTTY and WinSCP for many years and Pageant worked fine. The only reason I can think of, is the recently introduced bug, fixed in PuTTY 0.62 - it made 0.60 core and 0.61 agent incompatible. Just upgrade to the latest version and it should work. If it doesn't, at least clarify on which programs you are trying.

user1686

Posted 2012-01-05T02:58:31.940

Reputation: 283 655

2,4: Ok, so I guess making the keyfile easy to reach will kill two birds with one stone. 3: Yes I suppose the main thing is to encrypt it with a good password. 5: We will see. This happens on Unix too, but is OK because I understand the rules (SSH_AUTH_SOCK etc. is not being inherited). I expect Windows is no worse. – Adrian Ratnapala – 2012-01-08T05:33:46.950

Pageant on Windows does not use environment variables (although it is possible to pass them over to Explorer); the clients use window messages to find the agent. – user1686 – 2012-01-08T14:51:25.903

I said "no worse". I didn't say it would work the same way! All I know is that it didn't work when I tried it out before. Probably after a reboot it will all be fine. – Adrian Ratnapala – 2012-01-09T16:12:48.320
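Point 3 of the answer above says the key file's permissions can be changed if they are too lax. As an added example (not part of the original answer), this PowerShell script lists who besides you, SYSTEM and Administrators can access a private key and, with -Fix, leaves an ACL that grants access only to you; the key path is a placeholder, and treating SYSTEM and Administrators as expected is an assumption about a default profile ACL.

```powershell
# Added example, not from the original answer.
param(
    [string]$KeyPath = "$env:USERPROFILE\.ssh\MyKey.ppk",  # placeholder path
    [switch]$Fix                                            # also tighten the ACL
)

$SidType = [System.Security.Principal.SecurityIdentifier]
$Me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

function Get-UnexpectedKeyAccess {
    param([string]$Path)
    # Assumption: profile files normally grant the owner, SYSTEM (S-1-5-18)
    # and Administrators (S-1-5-32-544); any other Allow entry is reported.
    $expected = @($Me.Value, 'S-1-5-18', 'S-1-5-32-544')
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $expected -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Protect-KeyFile {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, discard inherited ACEs
    foreach ($ace in @($acl.GetAccessRules($true, $false, $SidType))) {
        [void]$acl.RemoveAccessRule($ace)         # drop explicit ACEs as well
    }
    # Grant the current user only, the rough equivalent of chmod 600.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Me, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$findings = @(Get-UnexpectedKeyAccess -Path $KeyPath)
if ($findings.Count -eq 0) { "OK: no unexpected access to $KeyPath" }
else { $findings | Format-Table -AutoSize }
if ($Fix) { Protect-KeyFile -Path $KeyPath; Get-UnexpectedKeyAccess -Path $KeyPath }
```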

2

How to improve your PuTTY experience:

  1. Use Pageant: PuTTY Agent will manage all of your keys for you and you can also start your known connections from it. So if you have a saved "mail server" connection, you just click your Pageant icon in the task tray and select "mail server". Done.

  2. Load your keys automatically on Pageant startup: This is important and saves a lot of time. You simply create a shortcut to pageant.exe and edit the path to include your keyfile(s):

         "C:\Program Files\PuTTY\pageant.exe" C:\Path\to\myKeys\MyKey.ppk

     You will then start Pageant with the shortcut, not by going directly to the file. It will only ask you for your key passphrase once, when you load it for the first time.

  3. Let Pageant handle your keys, not PuTTY: In all of your saved PuTTY auth configurations, remove the key and make sure "agent forwarding" and "use Pageant" are checked and nothing else.

Or use something better than PuTTY:

While most of your concerns are easily addressed, I have switched to MobaXterm. The workflow is much better overall.

  1. The application is portable: Just like PuTTY, so you don't need admin rights to run it.

  2. Starts with a Cygwin (Linux) terminal: This means you can do complex scp/sftp rsync operations that you cannot do with PuTTY.

  3. Dedicated ~/.ssh/ folder so you can build all of your configurations exactly like you would in Linux. You also can use standard OpenSSH key formats instead of .ppk.

  4. Improved tabbing: You can have tabs or dedicated windows.

  5. Built in X server: You can literally run remote X windows to access graphical tools with little to no setup.

  6. Great license: They use GPLv3 for their Free Personal Edition and allow use for commercial purposes as well.

MattPark

Posted 2012-01-05T02:58:31.940

Reputation: 1 061
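Both answers describe starting Pageant at login from a shortcut whose target also names the key file(s). As an added example (not code from either answer), this PowerShell function creates that shortcut in the current user's Startup folder and quotes each key path so paths with spaces survive; the two paths are the ones quoted in the answer above and are placeholders for your own.

```powershell
# Added example, not from the original answers.
$PageantExe = 'C:\Program Files\PuTTY\pageant.exe'   # install path as quoted in the answer
$KeyFiles   = @('C:\Path\to\myKeys\MyKey.ppk')       # placeholder key path from the answer

function New-PageantStartupShortcut {
    param(
        [string]$Exe,
        [string[]]$Keys,
        [string]$Name = 'Pageant.lnk'                # hypothetical shortcut name
    )
    # Fail early instead of leaving a shortcut that errors at every login.
    if (-not (Test-Path -LiteralPath $Exe)) { throw "pageant.exe not found: $Exe" }
    foreach ($k in $Keys) {
        if (-not (Test-Path -LiteralPath $k)) { throw "key file not found: $k" }
    }

    # Per-user Startup folder (Start Menu > Programs > Startup).
    $startup = [Environment]::GetFolderPath('Startup')
    $lnkPath = Join-Path $startup $Name

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $Exe
    # Each key becomes one quoted argument; Pageant loads them in order and
    # prompts once per passphrase-protected key.
    $lnk.Arguments        = ($Keys | ForEach-Object { '"{0}"' -f $_ }) -join ' '
    $lnk.WorkingDirectory = Split-Path -Parent $Exe
    $lnk.Save()

    $lnkPath   # return the shortcut's location
}

New-PageantStartupShortcut -Exe $PageantExe -Keys $KeyFiles
```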