How to use PuTTY Key Generator

Generate SSH Key using PuTTY Key Generator

OpenSSH keys are used to log in to a Linux host without a password query prompt, or to run in batch processes, for example to enable authentication from scripts.

Generate OpenSSH Key

Generate OpenSSH Key

The PuTTY Key Generator generates a key par, after which the public key is copied to the remote host.

The PuTTY Key Generator generates a key par, after which the public key is copied to the remote host.

In the key comment field, your own email address can be entered, the generated private key is stored as privkey.ppk, the public key is stored as pubkey.ppk. The public key is stored on the remote host under the user’s home path in the .ssh directory in the authorized_keys file, and nothing can be changed in the copy & paste of the content.

The directory .ssh should have the right 700 and the owner must be user. The user user should serve as an example here.

PuTTY with OpenSSH Key

The host should be logged in to this one, with the IP or host name in the Session and Host Name (or IP address) section.

PuTTY the IP or host name in the Session and Host Name (or IP address) section.
Illustration: PuTTY session

The path to the private key generated with PuTTY Key Generator is entered under Connection – SSH – Auth.

The path to the private key generated with PuTTY Key Generator is entered under Connection - SSH - Auth.
Illustration: SSH authentication

Auto-login username defines the user who should authenticate.

Auto-login username defines the user who should authenticate.
Illustration: Auto-login username
It’s done

With SSH daemon, key authentication is enabled in the configuration file /etc/ssh/sshd_config

Tip! PuTTY can be run in command-line, so scripts can be performed.

plink give the possibility to use PuTTY via CLI.

Server 2012 Enhanced Security Configuration

Disable enhanced security configuration for Internet Explorer

Newly installed Windows Server 2012 uses the so-called enhanced security configuration for Internet Explorer by default. This blocks the functions of the browser in such a way that it can no longer be used for websites from the Internet security zone. If you actually need a browser on a server, e.B. for MS software components of the required services for further installations, then this feature can of course be switched off.

how to do it

If you visit only a manageable number of sites, you can include them in the trusted sites group, where they are exempt from the strict restrictions of enhanced security configuration.

However, if you are annoyed by the constant security warnings, the restrictive setting can be deactivated.

Server Manager 2012
Server Manager 2012

Disable enhanced security configuration.

Enhanced security configuration for IE
Enhanced security configuration for IE Off

Internet Explorer security alerts no longer appear, but protection no longer exists. The new browser Microsoft Edge provides better protection against web pages with malicious code.

PuTTY SSH Port Forwarding

SSH Tunnel with PuTTY

PuTTY can produce more than just terminal sessions, with the option SSH port forwarding can be initialized in simple ways.

After PuTTY is started, you enter the IP of the target host under host name, or the server name, which is usually a firewall, a router or a host with a global IP address.

PuTTY Configuration
PuTTY Configuration

Here in our example, on the host 212.117.203.98, our PBX is made with the port forwarding to a SIP phone, and then configured via the web browser, the host can also be an FQDN of a DNS resolvable host.

Here in our example, on the host PBX is made with the port forwarding to a SIP phone
PuTTY SSH port forwarding

In the lower part of SSH, the tunnel point is selected. After that, the starting point and the end point of the tunnel are entered:
Source port: 8888
Destination: 172.30.10.10

PuTTY SSH port forwarding
PuTTY SSH port forwarding

The action is completed with a click on Add. The data from the tunnel has now been adopted. The settings are saved above under Session by clicking on Save Permanent.

Clicking on Load and Open will establish the connection. The well-known terminal console opens with the prompt to log in. There you log in as a normal user, so the tunnel is established.

Now you open the web browser and enter the following localhost address https://127.0.0.1:8888/. After that, as here in our example, the login dialog of the SIP-Phone WebGUI begins, which we can now configure. Other ways to use SSH tunnels are available for Synology DS, SAN Memory, Unix/Linux Hosts, or Mac OS X.

Note. The SSH option AllowTcpForwarding yes must be enabled on the server, default is yes entered in the server configuration file /etc/ssh/sshd_config.

For the host behind a firewall, it must be accessible via port 22 Static NAT forward.

PuTTY can be used by passing numerous parameters.

PutTY Link
PuTTY shortcut

Insert the following line as the target for the link:
“C:\Program Files (x86)\PuTTY\PUTTY. EXE” -l jolly -pw password -4 -L 8888:172.30.10.10:80 -X :0 -load PBX

Wherethe parameters mean the following:
-l the login name
-pw the password
-4 it should be used IPv4
-L of the Destination Port and the IP
-X for X11 forwarding
-load open saved session