How-to: Use PuTTY (a graphical tutorial)
About this document:
This document is designed to introduce you to PuTTY, the Windows terminal emulator for connecting to Unix-like systems.
Repeat after me: PuTTY is your friend. It connects your sessions, it forwards your ports, it generates your key files, it guards you while you sleep. Don't f*ck with it.
Audience:
This document is designed both for the clients connecting to your services and for yourself, as PuTTY will be the glue (no pun intended) between you and your soon-to-be-secure tunnel.
What you’ll need:
* PuTTY suite. It can be obtained here: http://the.earth.li/~sgtatham/putty/latest/x86/putty.zip
You are most encouraged to read the documentation on PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/
* A Windows 2000-based computer
* Recommended, PuTTY tray: http://www.xs4all.nl/~whaa/putty/
Before you start:
PuTTY tray is a wonderful invention designed to make your life less annoying, so after you download the latest PuTTY suite and unzip it, replace putty.exe and pageant.exe with the PuTTY tray versions. They work the same, except that PuTTY tray highlights web links and lets you minimize to a tray icon.
putty.exe:
This is what it looks like when you first open it:

PuTTY operates by saving your preferences in sessions. This becomes important because, in order to connect as a limited client to the server we are going to make, you are going to need to specify a few options each time you connect. These can easily be brought back by saving your session. You will notice that I have opted to open sessions from file. This is more useful (in my opinion) than saving them to the registry (especially if you are on a public computer!). Type the address of the server you are trying to connect to in the Host Name box.
This is a shot of the window behavior tab. It's useful in specifying how PuTTY is going to minimize, close, and otherwise behave. Setting this is up to you, but the defaults work fine:

The SSH tab is especially important to our setup:

Clients who are set up inside the jail (this will make sense as you follow the tutorial) will not have access to a terminal by default as a security precaution. PuTTY requests a terminal by default. The result? If you try to log in and request a terminal, you will be kicked off the server. So, if you are a user in the jail, remember to select "Don't start a shell or command at all". Compression is optional; I opt for it, though.
The Auth tab asks you how you are going to establish a connection:

I'm not big on giving out the passwords of my machine to other people. In the sshd_config file that I provide (this will make sense as you follow the tutorial), I opt to disallow password authentication and use public-key cryptography. This essentially means you will have your client generate a key-pair (the keys necessary to gain entry into your server) and you will tell your server to grant that key-pair access. The client will retain his private key, while he gives the public key to you. Because the server now requires a key to enter (i.e. because you cannot simply enter a Unix password for the specified account), the client will have to give the path to his private key in the "Private key file for authentication" box. This is very important! Without the right key you won't get in. The rest of the defaults on this tab are sufficient.
X11:

Make sure X11 forwarding is disabled. We're not going to allow it anyways.
Tunnels:

Here's where the beauty of the entire program comes in. You can forward anything TCP, and I mean almost anything, using this tab. You just need to know how to use it... The source port is the port that the client is going to connect to using whatever TCP-based program you and the client agree upon. Let's say FTP to make it simple here, and let's say the client specifies the source port to be 3000. This means that a connection from any FTP client to the address localhost:3000 will be redirected to PuTTY. PuTTY then requests that this data be forwarded to the address specified in "Destination", which is a computer running an FTP server somewhere on your local network (the Destination box takes an IP address followed by a port, in the form "host:port"). Because your local network is firewalled and generally inaccessible to the outside world, the SSH server serves as a gateway, keeping your local network secure from the outside. Be sure to allow connections on the local network from the Linux computer and allow your router to open port 22 to the Linux computer.
puttygen.exe:
This program allows the client to generate a key file to connect to the server.
First, you decide the bit length at the bottom (I recommend a minimum of 1024 bits), then you select the type (I recommend SSH-2 RSA), and then you hit "Generate":

PuTTY knows that random number generators suck. They're pseudorandom at best. That's why it asks you to move your mouse within the box to create randomness:

Then you'll get a screen like this:

Assign a passphrase to the private key you generate. Save this as a PuTTY private key (*.ppk) and keep it in a safe place. Although your key file is passphrase-protected, if you lose it, tell the server administrator immediately so you can pitch that key file and generate a new one. The data printed at the top, the text for pasting into the authorized_keys file of an OpenSSH server, is what the server administrator is going to need to permit you access (more on this as you do the tutorial). Feel free to change the comment to whatever you like before saving your private key or giving the public key away; just be sure not to insert any white space (spaces) into the text.
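
Added example (not part of the original tutorial or of PuTTY): Python code the server administrator could run on the public-key line a client sends, before appending it to authorized_keys. It checks the key type, the RSA modulus length against the minimum recommended in the puttygen step above, and that the comment contains no whitespace. The function names and the sample key line are constructed for illustration; the sample modulus is not a real RSA key.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 1024  # this tutorial's stated minimum; pass a larger min_bits for a stricter policy


def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_authorized_key_line(line, min_bits=MIN_RSA_BITS):
    """Validate one 'ssh-rsa <base64> <comment>' line; return (bits, comment, fingerprint)."""
    fields = line.split()
    if len(fields) != 3:
        raise ValueError("expected key type, key data and a comment without spaces")
    key_type, b64, comment = fields
    if key_type != "ssh-rsa":
        raise ValueError("not an SSH-2 RSA key: " + key_type)
    blob = base64.b64decode(b64, validate=True)  # malformed base64 raises a ValueError subclass
    inner_type, off = _read_string(blob, 0)
    if inner_type != b"ssh-rsa":
        raise ValueError("key data does not match the declared type")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError("RSA modulus is %d bits, below minimum %d" % (bits, min_bits))
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return bits, comment, fingerprint


def make_sample_line(bits, comment):
    """Build a CONSTRUCTED, non-functional key line (the modulus is not a real RSA modulus)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00, as in an mpint
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
```

The returned fingerprint is the SHA-256 hash of the key data, which the administrator can read back to the client over a separate channel to confirm the line was not altered in transit.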