This guide is intended for Windows users who are not accustomed to using SSH, or need some additional support for understanding how to work with SSH from their machine (e.g. challenges with key pairs).
It describes how to start using the free, open-source program PuTTY, to securely connect a client computer to a remote Linux/Unix server.
Many of the tutorials to follow will refer to using PuTTY, which is a popular SSH client for Windows workstations.
The important thing about PuTTY is that it is a secure way to connect a client to a server, using the SSH network protocol. It has a powerful and easy-to-use graphical user interface (GUI) and is used to run a remote session over a network.
What is SSH? It is short for “Secure Shell,” which means it creates a secure channel over an insecure network, such as the internet.
How does SSH do this? By encrypting the communications between the client and the server, using public-key cryptography, which means that a key-pair is generated—one of them public, and the other private, or secret, known only to the user.
Since CFEngine is a client-server enterprise software system, it is essential to access the servers securely. This is true whether the CFEngine system is run on a cloud platform, like Amazon Web Services and many others—or on a private network.
That is where PuTTY comes into the picture, since it uses SSH protocol for connecting a client to a server.
The PuTTY software consists of two separate programs, PuTTY and PuTTYgen. They can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
PuTTYgen is used to generate the encryption key pair while PuTTY, a command-line interface, is used to securely access the CFEngine server, or hub, from a remote client machine, which is called a host in CFEngine terminology.
PuTTYgen is used only when setting up a new client machine on the CFEngine hub. The CFEngine hub will already have an encrypted key-pair that was created when setting up the hub. (See the tutorial, [Installing CFEngine on RHEL Using AWS][Using Amazon Web Services])
The following steps describe how to get the client machine up and running using PuTTYgen and PuTTY. There are two distinct steps to this process:
Step 1. Use PuTTYgen to create an encrypted key-pair in the .ppk file format that PuTTY uses.
(It is important to note that the key-pair on the hub will probably be in a file format that is different from the PuTTYgen .ppk file format. For example, on Amazon Web Services (AWS) and many other cloud computing services, the key-pair file created when setting up the server (hub) will be in the .pem file format.)
Step 2. Configure the PuTTY application in order to securely access the CFEngine hub.
Step 1 consists of the following sequence: First, launch PuTTYgen by double-clicking on the PuTTYgen icon in the Windows programs menu tree. (It should be inside the PuTTY folder that was created when PuTTY was downloaded and installed.)
Next, download the key-pair and save it on the local hard disk in the .ppk file format.
a. Click Load. The following Load private key window will pop up:
b. In the Load private key window, select All Files (*.*) in the drop-down menu next to the File name input box.
c. Navigate to the location on disk where the key-pair file was downloaded in earlier steps, in this case a .pem file. Click Open. The following window will appear:
d. Enter a Passphrase and confirm the Passphrase. If no Passphrase is desired, leave those fields empty.
e. When the key has been loaded, click the Save private key button.
f. If saving without a Passphrase, a dialog box will pop up; click Yes to save the key without a Passphrase.
g. Now close PuTTYgen.
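Steps d and f allow the key to be saved without a Passphrase, and a .ppk file records that choice in its Encryption: header line. The following Python code is an added example, not part of the original guide or of PuTTY; it reads that header to list the .ppk files in a folder that were saved unprotected. The function names and the sample key text are constructed for illustration.

```python
from pathlib import Path

# Constructed sample: header layout of a .ppk file; the body is a placeholder,
# not real key material.
SAMPLE_PPK = (
    "PuTTY-User-Key-File-3: ssh-ed25519\n"
    "Encryption: none\n"
    "Comment: constructed-sample\n"
    "Public-Lines: 1\n"
    "Q09OU1RSVUNURUQ=\n"
)

def parse_ppk_header(text):
    """Return version, key type, encryption and comment from .ppk text."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if not sep:
            continue  # not a "Name: value" header line
        if name.startswith("PuTTY-User-Key-File-"):
            fields["version"] = int(name.rsplit("-", 1)[1])
            fields["key_type"] = value
        elif name in ("Encryption", "Comment"):
            fields[name.lower()] = value
        elif name == "Public-Lines":
            break  # key material follows; the header fields come before it
    if "version" not in fields or "encryption" not in fields:
        raise ValueError("not a PuTTY private key file")
    return fields

def is_passphrase_protected(fields):
    """True when the private part is encrypted (Encryption is not 'none')."""
    return fields["encryption"] != "none"

def audit_ppk_dir(directory):
    """Return (file name, reason) for each .ppk file that needs attention."""
    findings = []
    for path in sorted(Path(directory).glob("*.ppk")):
        try:
            fields = parse_ppk_header(path.read_text(errors="replace"))
        except ValueError as exc:
            findings.append((path.name, str(exc)))
            continue
        if not is_passphrase_protected(fields):
            findings.append((path.name, "saved without a passphrase"))
    return findings

if __name__ == "__main__":
    print(parse_ppk_header(SAMPLE_PPK))
    print(audit_ppk_dir("."))
```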
puttygen.exe from the download location, if downloaded directly.
Windows key + R key and then type puttygen in the field named Open. Then press the Enter key or click OK.
C:\Program Files (x86)\PuTTY (when using Windows 64 bit) or C:\Program Files\PuTTY (when using Windows 32 bit).
The Puttygen Interface. You will load the .pem file that you created in AWS.
The Puttygen popup window. Click Yes to proceed without a passphrase. You can also protect your private key with a passphrase that you enter into Key Passphrase and Confirm Key Passphrase.
putty.exe from the download location, if downloaded directly.
Windows key + R key and then type putty in the field named Open. Then press the Enter key or click OK.
putty.exe under C:\Program Files (x86)\PuTTY (when using Windows 64 bit) or C:\Program Files\PuTTY (when using Windows 32 bit).
Category > Session on the left side navigation tree:
The Putty interface, with Session selected on the left-side navigation tree.
ec2-user, followed by the @ symbol, which is then followed by the DNS entry.
Setting up the PuTTY configuration with the Host Name, and a Saved Sessions Name.
22.
SSH.
Saved Sessions can be any label.
Once we have entered our Host Name and our Saved Sessions name, we take the following steps:
Connection > SSH > Auth on the left side navigation tree.
Browse button to select the Private key for authentication.
Select private key file window, navigate to the .ppk private key file created earlier, and double-click on it to enter it into PuTTY. Your PuTTY screen should look like this:
Note that Auth has been selected on the left-side tree, in order to bring up this screen.
Category > Session on the left side navigation tree and then press the Save button.
Examples 1 and 2.
Connection > SSH > Auth through selecting the .ppk private key file. In other words, when configuring the connection the private key file may not be persistently saved.
Yes if prompted.
The PuTTY interface with the two virtual machines saved. We can now proceed to configure those virtual machines with CFEngine.
The PuTTY command-line window, which we will use to configure the virtual machines with CFEngine.