Committer SSH Configuration on Windows

Windows users have a choice to when make when using SSH to access people.apache.org : to either install cygwin and use the standard command line tools or to use Putty which provides a graphical user interface.

Non-Windows-specific documentation is also available, and generally contains details that are not repeated in this document.

Setting Up Putty

Describes how to create a public/private key pair and how to configure Putty to use them to access people.apache.org.

Download & install Putty

Putty can be downloaded here. Double-click on the downloaded Installer package to install Putty to a suitable location. Once installed it will be easier to transfer files using PSFTP if the Putty directory is in your Path.

Putty comes with Puttygen , Pageant and PSFTP amongst other things. We will be using all the ones just mentioned.

Create A Public/Private Key Pair Using PuttyGen

  1. Double-click on Puttygen to start the authentication keys creation process.

  2. Ensure that Type of key to generate has SSH RSA checked.

  3. Click on Generate to create a random key (and move the mouse around to supply the required entropy).

  4. Leave the Key comment on its default description or change it if you wish.

  5. Enter a Key Passphrase which will protect your private key and confirm it.

  6. Click on Save Public Key and save it as yourapacheusername.pub.

  7. Click on Save Private Key and save it as yourapacheusername.ppk.

This next step is important, although we have saved your Public Key as yourapacheusername.pub , we don't actually use this next (but it is saved for use in other scenarios). We now need to create an authorized_keys file.

Copy the Public Key information in the top box and paste into notepad and save the file as authorized_keys. Note that the file must be called precisely this and there must also be no extension. Ensure notepad does not add one when you save it.

Finally, close Puttygen.

Upload The 'authorized_keys' file using PSFTP

  1. Open a DOS Prompt box and navigate to the location where you stored your authoriized_keys file.

  2. Type psftp people.apache.org into the prompt.

  3. A connection will be made to people.apache.org and will ask for your login username and then password. (Once we have completed this tutorial you will no longer be asked this)

  4. Create a new directory in your area called .ssh

  5. Type chmod 700 .ssh. This ensures only you can then enter this directory.

  6. Navigate into this directory with cd.ssh.

  7. Upload your authoriized_keys file. with the command put authorized_keys.

  8. Type exit to logout from your people.apache.org private area and from psftp itself.

Add Key to Pageant and run Pageant

This is probably the most overlooked but most important step for Windows users. We need to load a key into Pageant and have Pageant running all the time in memory so that other applications can use the keys created earlier. Otherwise, when entering people.apache.org Putty or PSFTP will prompt for user and password once again regardless of the work we have just done.

  1. Open Pageant and click on Add to add a new key

  2. browse to your yourapacheusername.ppk private key file and load this in,

  3. Click on Close to close this window. Note Pageant is still running with an Icon in the system tray.

You should now be able to login without being asked for your username or password any more :) Try it! From the DOS command box type in psftp people.apache.org. You should log right in with no more to type!

Note that whenever you Exit Pageant, or restart your computer, you will need to restart Pageant and Add your key in again. Pageant does not keep details of loaded keys between sessions.

Configure Putty to Login using your Keys

  1. Open up Putty.

  2. Specify people.apache.org as the Hostname.

  3. Ensure SSH protocol radio button is checked.

  4. Choose the Data sub-category of Connection

  5. Fill in your Apache username for auto-login username.

  6. Click on the SSH Category.

  7. Ensure SSH 2 Only radio button is checked.

  8. Click on the Auth sub-category of the SSH Category.

  9. Ensure Attempt "Keyboard Interactive" auth (SSH 2) checkbox is ticked.

  10. Click the Browse Button and locate and load your Private Key you saved earlier as yourapacheusername.ppk.

  11. Go back and click on the Session Category and Save this session choosing a suitable name.

Good, all the details are now saved for future use. All you need do now is click on the Open button to open a secure connection to the server and to log in automatically to your personal area of people.apache.org. You will still be asked for a password if this is the first time connecting to your area, after which you'll just go straight in.

Relevant Links