Putty SSH – Password-less & timeouts

This article will take you through generating RSA keys using PuTTYgen on Windows for secure SSH connection, settings Putty password-less SSH login,and settings timeouts for connection session.


Introduction

One effective way of securing SSH access to your VPN is to use a public/private key. This means that a ‘public’ key is placed on the server and the ‘private’ key is on our local workstation.

Generate Keys

PuTTYgen

In Windows we will use PuTTYgen to generate our public and private keys. Download PuTTYgen from the official website setup package including PuTTYgen puttygen.exe.

As shown in the screenshot select SSH-2 RSA Key with 2048 bits, hit the Generate button and move the cursor randomly on Putty Key Generator field window in order to produce SSH Keys

PuTTYgen Options

output screen will be as below

PuTTYgen outputs

you can add a Key comment to help you easily identify your key, but for passwordless and automate login without prompet we will keep Key passphrase field empty.

  1. Save both keys (Public and Private Keys) files to a secure location into your device.
  2. Copy the output public key from PuTTYgen window, as below screenshot.

Putty Public Key

Copy the Public Key to the clipboard and paste it at the very end of “append” @ ~/.ssh/authorized_keys on your VPS. If that file doesn’t already exist, you will have to create it (nano ~/.ssh/authorized_keys).

Usage

To make use of your newly generated RSA key pair, you will need to tell PuTTY to use it when connecting to your VPS. Do this by opening PuTTY and going to the “SSH” -> “Auth” section. Browse to where you saved the keys and load the private key as seen below:

PuTTY Key

Timeouts

PuTTY Client side

To keep connection session opend, you need to setting up keepalive value for PuTTY Client side as below screenshot

This will send a “null packet” every 120 seconds on your SSH connections seesion to keep them alive.

SSH Server side

edit or add (if not exist) the following configuration parameters values, for the SSH Server daemon config file:vim /etc/ssh/sshd_config

ClientAliveInterval 120
ClientAliveCountMax 720

This will make the SSH Server send the PuTTY/Clients a “null packet” every 120 seconds and not disconnect them until the client have been inactive for 720 intervals (120 seconds * 720 = 86400 seconds = 24 hours).

PuTTY Session

Make PuTTY use the key every time you connect to your VPN by saving this configuration. After loading your key as shown above, go back to “Session” and save your session:

PuTTY Session

Once you have saved your session, your key will be loaded automatically upon connecting to your VPN.

Summary

Opting for a key-based authentication to your SSH server is beneficial in many ways. By eliminating the possibility of SSH brute-force attacks targeted towards your VPN, the chances of it being compromised are decreased by an order of magnitude.

Author: [email protected] && Netsblog

You may also like...

Leave a Reply