Password less access with private keys

It is possible to configure some common Windows applications such as PuTTY and WinSCP to access our systems without entering a password at every login. This method uses public-private key pairs, a cryptographic system where the public key is disseminated on the remote systems that require secure access. Remote systems authenticate users by comparing the public key with the private key provided by the user. The strength of this system relies on keeping the private key private, using it on systems only accessible by user (e.g. private laptops, desktops).

Generate Public/Private key pair

To generate a public/private key pair we can use PuTTYgen, an application commonly installed as part of Putty.

To create a new key pair, select the type of key to generate from the bottom of the screen, SSH-2 RSA with 2048 bit key size is good for most people. Then click Generate, and start moving the mouse within the Window.

Save at least the private key by clicking Save private key. At this point you can copy or save the public key by clicking Save public key (but bear in mind that PuTTY saves this file in a format non compatible with Hawk). You can always regenerate the public key in a compatible format by loading the private key file (by clicking Load).

Installing the public key as an authorized key on SCW systems

The public key needs to be added to the authorized keys file. WinSCP >= 5.14 allows to automatically add the public key to the authorised keys file (you must first login using your password), for this use Session -> Install Public Key into Server command on the main window, or Tools -> Install Public Key into Servercommand on SSH -> Authentication page page on Advanced Site Settings dialog. 

If you have an older version of WinSCP or prefer to do it manually, login to the system and edit the file located in your home directory in /home/your_username/.ssh/authorized_keys. This can be done in the command line with your preferred text editor (if using WinSCP, make sure to enable “Show hidden files” in Options -> Preferences -> Panels to show the .ssh folder).

Enable password less access from PuTTY

Open PuTTY and navigate to Connection -> SSH -> Auth on the left hand pane. Browse for the private key file previously generated. Go back to Session and amend your details if needed or click Open. You should be able to access the system without entering your password.

Enable password less access from WinSCP

Open WinSCP. In the login window click on Edit, Advanced, navigate to SSH -> Authentication, click on the three dots and look for the private key file. Ok and Save. This should allow you to access your files without entering your password from now on.