Launch PuTTY SSH connection from KeePass

Tutorial to deploying PuTTY to launch an SSH connection in Windows 11 using by KeePass Password Manager

Launch PuTTY SSH connection from KeePassPuTTY launch SSH connection

In the first step launch KeePass, then go to the Integration section via ToolsOptionsIntegration tab, and click the URL Overrides button, now add a new schema entry with click Add.

As a schema name I use here in the example “putty”. In the URL override field, add the following line.

In the URL Override window, click Add for a new scheme.

cmd://"%ProgramFiles%\PuTTY\putty.exe" -ssh {USERNAME}@{TITLE} -pw {PASSWORD}

Confirm with OK and close KeePass and start again.

Open SSH connection via PuTTY from KeePass started

Now launch PuTTY as SSH terminal out from KeePass by double-clicking on the entry in the url column.

what is PuTTY

PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name “PuTTY” has no official meaning.

PuTTY was originally written for Microsoft Windows, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and macOS.

PuTTY was written and is maintained primarily by Simon Tatham, a British programmer.

what is KeePass

KeePass Password Safe is a free and open-source password manager primarily for Windows. It officially supports macOS and Linux operating systems through the use of Mono. Additionally, there are several unofficial ports for Windows Phone, Android, iOS, and BlackBerry devices, which normally work with the same copied or shared (remote) password database. KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. This file can be protected by any combination of a master password, a key file, and the current Windows account details. By default, the KeePass database is stored on a local file system (as opposed to cloud storage).

KeePass supports simultaneous access and simultaneous changes to a shared password file by multiple computers (often by using a shared network drive), however there is no provisioning of access per-group or per-entry. As of May 2014, there are no plugins available to add provisioned multi-user support, but there exists a proprietary password server (Pleasant Password Server) that is compatible with the KeePass client and includes provisioning.

Windows Terminal SSH connection from KeePass

This tutorial shows how to deploy and use SSH from the Windows Terminal on Windows 11, using the KeePass Password Manager.

Add KeePass URL Override Scheme

In the first step with launch KeePass, a schema element for URL Override is created in KeePass, go to Tools – Options.

SSH Windows KeePass Click Tools Options

Click the Integration tab, then the URL Overrides button at the bottom.

SSH Windows KeePass Options Integration

In the URL Override window, click Add to enter a new schema.

KeePass URL Overrides for Windows Terminal using SSH

As a scheme name I use “winterm” here. Under URL override, insert the following line.

cmd://wt ssh "{USERNAME}@{TITLE}"

  run “wt” to start the windows terminal emulator, then append the user name in brace and the hostname from the title field.

Confirm with OK and close KeePass and start again.

KeePass Add Entry for SSH in Windows Terminal

After our schema element winterm is created, we create a new entry with choose Add Entry, enter the hostname in Title, enter User name and Password, in the field URL insert “winterm:” append with colon.

SSH Windows KeePass Add Entry

Start Windows Terminal SSH session

KeePass double-click the URL item

The saved entry is now available, with a double click on URL the SSH connection is started here to the Linuxmint.

SSH from Windows Terminal on Windows 11 using KeePass

Windows Terminal connect SSH launch from KeePass

Public key authentication

SSH authentication using public key in Windows Terminal launch from KeePass is not only more secure, logging in without entering a password is also easier. For this purpose, a key pair is generated on the client, the public part of the key is transferred to the server, then the server is set up for asymmetric encryption and authentication, more on this in the tutorial here or find on ssh-keygen how it works.

Under the path of the Windows user profile, create a directory “.ssh”, with dot (.), the easiest way to change to the path is to enter “%USERPROFILE%” in the Windows Explorer address bar.

Windows Explorer Address Bar User Profiles

The directory for e.g. c:\users\james\.ssh, which contains the file with the private key “key-ecdsa“, as well as the file “config“.

.ssh folder under the user profile

  The known_hosts file is automatically generated by SSH as soon as a connection has been successfully authenticated for the first time. SSH add fingerprints to known_hosts to avoid Man-in-the-middle attacks.

We create the “config” file using the Notepad Editor, paste in the following lines.

Host linuxmint
     HostName 10.10.10.10
     User james
     IdentityFile ~/.ssh/key-ecdsa
     ServerAliveInterval 60

The host name is that one we use in KeePass at Title, the user i.e. james, the key file refers with IdentityFile to the file “key-ecdsa” under %USERPROFILE%.ssh.

SSH Windows keepass, create the "config" file using the Notepad

  OpenSSH on Windows is a port from the OpenBSD-project (open source), on unixoid operating systems the tilde (~) character is used as a relative path to the user home directory, known on Windows as the environment variable %USERPROFILE%. A leading point in file names and directories (.ssh) applies to hidden files and directories on unixoid systems.