Category: SSH

Categories
cacti Cacti Examples CactiEZ Linux SSH Ubuntu

Install CactiEZ on Windows 2008 Hyper-V

CactiEZ (Cacti Made Easy) is a self installing Linux Distribution based off CentOS that sets up and configures a customized Cacti install. Everything is designed to be completely automated and working directly out of the box. This compact distro is loaded with extra features such as Syslog and Netflow data collection, Weathermaps, Reports, Auto Discovery, Router Config backup, Nagios, and much more!

This guide provides instructions for installing CactiEZ as a VM on Windows 2008 Hyper-V.

This contains some fairly detailed instructions so someone new to this setup should have enough info to get completely running.  However, since I know some of you out there are in a hurry here’s the Cliff Notes version:
  1. Don’t use the default network adapter – DELETE it!
  2. Add a legacy network adapter.
  3. Install CactiEZ.
Full Instructions for Installing CactiEZ on Windows 2008 Hyper-V
Download the CactiEZ ISO – get this started now so it will be done by the time your’re ready for it.  By default the CactiEZ ISO is a tarred file so you will have to untar (unzip) it before you can use it.  If you don’t already have a Windows-based program that can handle tarred files 7-zip is a great, FREE, utility.  NOTE: in Windows you may have to unzip twice; CactiEZ-v0.6.tar.gz will unzip to CactiEZ-v0.6.tar from which you can extract CactiEZ-v0.6.iso.
Step One: Create the VM on Hyper-V
  • Launch the Windows Hyper-V Manager (Start, All Programs, Administrative Tools, Hyper-V Manager).
  • Select NewVirtual Machine.  Give it a name.  Click Next.
  • Specify memory (RAM).  In this example I’m using 1024 MB.
  • On the “Configure Networking” screen just click Next – we will delete this later anyway.
  • Create a new virtual hard disk using the name, location and size of your choosing.  I created a 10GB virtual HD which should be more than enough for CactiEZ.
  • On the “Installation Options” screen make sure to choose “Install and operating system later.”
  • Click Next, uncheck “Start the virtual machine after it is created” and verify your settings, then click Finish.
    At this point if your VM started you will receive a boot failure message.  Don’t worry, you can safely ignore this and Turn Off the VM.
    Step Two: Customize VM Settings
    • From Hyper-V Manager right-click your new VM, then select Settings.
    • Remove the current Network Adapter.
    • Click Add Hardware and select Legacy Network Adapter, then Add.
    • On the Legacy Network Adapter select the correct adapter from the Network drop-down list
    • Click OK to save settings.
    Step Three: Install CactiEZ
    • Double-click your VM to open the Virtual Machine Connection window.
    • Click Media, DVD Drive, Insert Disk and browse to your (extracted/unzipped) CactiEZ ISO.
    • Start (Power On) the VM & it will begin the CactiEZ server installation.
    • Select whether to install the 32 or 64-bit version and let her rip.  The CactiEZ installation is almost completely automated so just let it run.  When prompted reboot the VM.
    After the system reboots its IP address will be displayed (assuming you have a DHCP server available on the network).  You can certainly change the IP address to a static one if you’d like (instructions below).
    Step Four: Logon to Your CactiEZ Server
    Now that your server is installed logon through the Virtual Machine Connection window.  The default username and password are root, CactiEZ.

    Once logged on the first thing I did was set a static IP address using:

    netconfig

    With the IP address and related settings set appropriately restart the network using:

    service network restart

    You may also want to synchronize your time using:

    ntpdate -u 0.pool.ntp.org

    And set your timezone with:

    yum install system-config-date
    system-config-date

    See more CactiEZ tips and hints here.

    NOTE: By default CactiEZ installs SSH so you can connect remotely with something like PuTTY.
    Step Five: Connect to and Configure Cacti

    Using a browser connect to your new installation of Cacti using http://<IP Address>.  The default user is ‘admin’ and the default password is ‘admin’ as well.  You will be prompted to change the password.

    Now you can knock yourself out configuring and using Cacti.  Here’s more logon information from CactiEZ.

    See also

    Categories
    Apple Linux SSH Ubuntu

    Ubuntu VM on Windows 2008 Hyper-V

    How the Hell do I get networking to work on a Ubuntu VM on Hyper-V in Windows 2008?

    This is a question I have personally grappled with a few times.  Although I was able to successfully install a Ubuntu 8.10 server on Hyper-V with networking over a year ago I forgot how it was done and pulled my hair out trying to figure it out again the other day.  So I thought I’d jot down a few notes to help me remember.  If this  helps anyone else, that will be great too.

    These instructions are for Ubuntu 9.10 server on Windows 2008 Hyper-V.  As mentioned above this works for Ubuntu 8.10 server as well; and presumably other versions although I haven’t verified.

    This contains some fairly detailed instructions so someone new to this setup should have enough info to get completely running.  However, since I know some of you out there are in a hurry here’s the Cliff Notes version:

    1. Don’t use the default network adapter – DELETE it!
    2. Add a legacy network adapter.
    3. Install Ubuntu.
    Full Instructions for Installing Ubuntu 9.10 Server on Windows 2008 Hyper-V

    Download the Ubuntu 9.10 server ISO – get this started now so it will be done by the time your’re ready for it.

    Step One: Create the VM on Hyper-V
    • Launch the Windows Hyper-V Manager (Start, All Programs, Administrative Tools, Hyper-V Manager).
    • Select New, Virtual Machine.  Give it a name.  Click Next.
    • Specify memory (RAM).  In this example I’m using 1024 MB.
    • On the “Configure Networking” screen just click Next – we will delete this later anyway.
    • Create a new virtual hard disk using the name, location and size of your choosing.
    • On the “Installation Options” screen make sure to choose “Install and operating system later.”
    • Click Next, verify your settings, then click Finish.
      At this point if your VM started you will receive a boot failure message.  Don’t worry, you can safely ignore this and Turn Off the VM.

      Step Two: Customize VM Settings

      • From the VM Window click File, Settings.
      • Remove the current Network Adapter.
      • Click Add Hardware and select Legacy Network Adapter, then Add.
      • On the Legacy Network Adapter select the correct adapter from the Network drop-down list
      • Click OK to save settings.
      Step Three: Install Ubuntu
      • Click Media, DVD Drive, Insert Disk and browse to your Ubuntu ISO.
      • Start (Power On) the VM & it will begin the Ubuntu Server installation.
      • Select your Language, then “Install Ubuntu Server.”
      • Select your desired Country and keyboard layout.
      • Enter your desired hostname, then continue.
      • Select your timezone.
      • Partition your disk using the default, “Guided – use entire disk and set up LVM.”
        • Select your disk to partition – if you followed these instructions you will only have one.
        • Select YES to write the changes to disks and configure LVM.
      • Follow the prompts to setup users and passwords, creating at lease one user.
      • Select whether or not to encrypt your home directory.
      • If you have a DHCP server on your network your adapter should retrieve and IP address and associated info from that server.  If not, you will be prompted for IP address settings.
      • Choose how to manage upgrades on your system.
      • Choose which software to install (note, depending on which option(s) you select additional questions will be asked during install which aren’t covered in this tutorial):
        • Cloud computing cluster
        • Cloud computing node
        • DNS server
        • LAMP server
        • Mail server
        • OpenSSH server – You may want to install this to connect via SSH later.
        • PostgreSQL database
        • Print server
        • Samba file server
        • Tomcat Java server
        • Virtual Machine host
        • Manual package selection
      • At the “Finishing Installation” screen select Continue.

      Step Four: Logon to Your Ubuntu Server

      Now that your server is installed logon through the Virtual Machine Connection window to verify network settings and connectivity.  Type ifconfig to view your network settings.  You should have an interface, eth0, with either a DHCP-assigned address or the one you manually entered during installation.

      You could verify correct network operation by pinging a know good host on your local network and/or a host on the Internet.  In my case I pinged my default gateway and powercram.com.  Both responded with replies.

      Finally, now that my Ubuntu Server is setup and networking is configured properly I will probably never (hopefully) use the Virtual Machine Connection window again, rather I will use my favorite remote connection client, PuTTY.

      Since I neglected to install Open-SSH Server during the Ubuntu installation I had to install it before I could use PuTTY using:

      sudo apt-get install openssh-server


      Categories
      Linux SSH Ubuntu

      Upgrade Ubuntu Server From 8.10 to 9.10 – How To

      You can use the following steps to easily upgrade Ubuntu Linux server (or workstation) 8.x to 9.10 (latest version as of this posting), either locally or remotely over ssh from a terminal command line.

      Note: Backup important data and configuration files first.

      First, apply latest updates to Ubuntu 8.x using:

      sudo apt-get update
      sudo apt-get upgrade

      Next, install update-manager-core (if it is not already installed):

      sudo apt-get install update-manager-core

      Finally, start the upgrade:

      sudo do-release-upgrade

      And just follow the on-screen instructions to complete the Ubuntu 9.10 upgrade.

      Categories
      Amazon Web Services AMI AWS EC2 AMI EC2 API ELB tools Linux SSH WGET Windows

      Installing EC2 Command Line Tools on Windows

      UPDATE (12-2016): See HowTo: Install AWS CLI on Both Windows and Linux for updated information on installing, configuring and using the AWS CLI unified tools.

      NOTE: This tutorial contains information for both AMI and API command line tools along with ELB tools. Most users will need the API tools, some the ELB tools, and not many will need the AMI tools.

      There are a number of GUI tools for working with Amazon EC2 services such as ElasticFox, RightScale and AWS Management Console.  However often you need to use the command line tools because you want to script a task, or access features that a GUI tool doesn’t provide.

      There are several guides and tutorials on installing and configuring the command line tools on Linux, but not much for Windows.  So this aims to be THE GUIDE to setting up the EC2 API, ELB and EC2 AMI command line tools on Windows.

      Prerequisite
      The first requirement is to have Java 5 or later installed.  If you don’t already have it download and install from here.

      AWS Command Line Tools Directory
      I like to organize my programs a certain way so I installed the tools to c:adminaws.  You can install the tools wherever you like.  Note, this is where you may store your certificates, the services API files, etc.

      Download Amazon command line tools
      I used wget (for Windows) to download the files:

      wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
      wget http://ec2-downloads.s3.amazonaws.com/ElasticLoadBalancing-2009-05-15.zip
      wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip

      Alternatively you could download one or both directly from your browser.  EC2 API Tools.  ELB Tools.  EC2 AMI Tools.

      Unzip all three files. Each will unzip to separate directories, usually including the version number of the tool.  To simplify things I moved all files from their respective locations to the following directories:

      c:adminawsec2-api-tools
      c:adminawsec2-elb-tools
      c:adminawsec2-ami-tools



      Retrieve and Store AWS Certificates
      Authentication to AWS uses a certificate and private key.  You will have to retrieve these files from AWS.

      Logon to the AWS Console and scroll down to the X.509 area.  You may have to create a new certificate.  Once you do Amazon will provide you a Private Key File (pk-.pem) and a Certificate (cert-.pem).

      KEEP THESE FILES PRIVATE.  Possession of these two files give you (or anyone else with them) access to your AWS account.

      Configure Environment Variables
      You need to configure your command line environment with a few environment variables. 

      Method 1
      This method is used to launch a command prompt with required settings.  These settings are available only for this session.  If you’d like to configure your system to have these settings available always and system-wide use method 2.

      Create a batch file in c:adminaws called awsTools.bat.  Edit this file with the following text:

      REM Path should contain binjava.exe
      set JAVA_HOME=”C:Program Files (x86)javajre6″

      REM Path to Primary Key and Certificate retrieved from AWS
      set EC2_PRIVATE_KEY=C:AdminAWSpk-<Insert your key name here>.pem
      set EC2_CERT=C:AdminAWScert-<Insert your key name here>.pem

      REM Path to EC2 API, subfolders of bin and lib
      set EC2_HOME=C:AdminAWSec2-api-tools
      set PATH=%PATH%;%EC2_HOME%bin

      REM Path to ELB API, subfolders of bin and lib
      set AWS_ELB_HOME=C:AdminAWSec2-elb-tools
      set PATH=%PATH%;%AWS_ELB_HOME%bin

      REM Path to EC2 AMI, subfolders of bin and lib
      set AWS_AMI_HOME=C:AdminAWSec2-ami-tools
      set PATH=%PATH%;%AWS_AMI_HOME%bin

      cls
      cmd

      Note: Make sure none of the path statements in this file end with a trailing slash.

      Configure Environment Variables – Method 2
      This method adds the necessary system variables to either your profile or system-wide and makes them available anytime you launch a command prompt.  Open the environment variables dialogue (right-click on My Computer, select System Properties, click Advanced tab, then Environment Variables button).  Add the following to either your user account or system variables section depending on your needs.

      • JAVA_HOME – C:Program Files (x86)javajre6
      • EC2_PRIVATE_KEY – C:AdminAWSpk-<Insert your key name here>.pem
      • EC2_CERT – C:AdminAWScert-<Insert your key name here>.pem
      • EC2_HOME – C:AdminAWSec2-api-tools
      • AWS_ELB_HOME – C:AdminAWSec2-elb-tools
      • AWS_AMI_HOME – C:AdminAWSec2-ami-tools
      • Add ;C:AdminAWSec2-api-toolsbin;C:AdminAWSec2-elb-toolsbin;C:AdminAWSec2-ami-toolsbin to your path

      Explanation of System Variables

      JAVA_HOME needs to be set to the appropriate path for your machine.

      For example on my (64-bit Window 7) system java.exe is located at “C:Program Files (x86)javajre6binjava.exe” so I set JAVA_HOME to “C:Program Files (x86)javajre6”

      EC2_Private_Key and EC2_Cert both are the location of the private key and certificate that you retrieved from the AWS website in the previous step.  You could rename the key and certificate for simplification.  If you have multiple AWS accounts all you need to do is modify these lines to switch between accounts.

      EC2_HOME and AWS_ELB_HOME both point to the folders you unzipped the API into.  Both folders should have two subdirectories called bin and lib.  Bin will contain the cmd files of the different commands for that API.  You set the path variable to include these cmd files in your path so that you do not have to be in that directory to run them.

      Now you only need to run the batch file to get a command line with the environmental variables set.  You also could permanently set these variables and have them available in any command window if you choose.  If you want to get fancy you could even put in the logic to set the paths based on the current directory of the batch file, and then put the folder on a thumb drive and carry it around.

      Testing Your Setup
      If you run awsTools.bat you should have a command prompt where you can run the EC2 tool.  A simple command to test is “ec2-describe-regions”:

      c:adminaws>ec2-describe-regions

      Results:
      REGION  eu-west-1       ec2.eu-west-1.amazonaws.com
      REGION  us-east-1       ec2.us-east-1.amazonaws.com
      REGION  us-west-1       ec2.us-west-1.amazonaws.com

      If you receive an error running this command then you need to go back and verify your installation.

      UPDATE: Recently I had to change my Amazon access credentials and created a new X.509 certificate.  When I tried to run any commands from the command line I received the message, “Client.AuthFailure: AWS was not able to validate the provided access credentials.”  So I just downloaded my new Private Key File (pk-.pem) and Certificate (cert-.pem) file replacing my existing ones, and, viola, I was back in action.

      UPDATE (12-2016): See HowTo: Install AWS CLI on Both Windows and Linux for updated information on installing, configuring and using the AWS CLI unified tools.

      Commands Documentation
      Amazon documentation.

      Related

      Categories
      HyperTerminal Linux PuTTY SSH Telnet TeraTerm Win 7 Win7 Windows Windows 7 Windows Vista Windows7

      Alternatives to HyperTerminal in Windows 7 and Vista

      Beginning with Windows Vista Microsoft removed HyperTerminal (aka HyperTerm & Hyper Terminal).  Of course, this means it isn’t in Windows 7 either. There are several options you can use to replace its functionality.

      • PuTTYMy Recommendation
        • PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.
      • WinRS (Windows Remote Shell)
        • If you only need remote shell access, you can use WinRS which was introduced in Windows Vista. To get help and see execution options with WinRS, run winrs /? at a command prompt.
      • Telnet is a simple, text-based program that you can use to connect to other devices over your local network or over the Internet.  Telnet can be executed right from the command prompt, although you may have to enable it in Control Panel.
      • Phone and Modem Options can be used to troubleshoot modem problems
        • Open Phone and Modem Options by clicking the Start button, Control Panel, Hardware and Sound, finally Phone and Modem Options.
      • Realterm is a terminal program specially designed for capturing, controlling and debugging binary and other difficult data streams. It is far better for debugging comms than Hyperterminal. It has no support for dialing modems, etc – that is what hyperterminal does.
      • TeraTerm is another alternative to HyperTerminal.  Tera Term is a free software terminal emulator (communication program) which supports:
        • Serial port connections.
        • TCP/IP (telnet, SSH1, SSH2) connections.
        • IPv6 communication.
        • VT100 emulation and selected VT200/300 emulation.
        • TEK4010 emulation.
        • File transfer protocols (Kermit, XMODEM, ZMODEM, B-PLUS and Quick-VAN).
        • Scripts using the “Tera Term Language”.
        • Japanese, English, Russian and Korean character sets.
        • UTF-8 character encoding.

      • AbsoluteTelnet Telnet, SSH, and SFTP Client.  AbsoluteTelnet / SSH is a secure flexible terminal client that is suitable for developers, administrators, or deployment across the enterprise. It includes the industry standard SSH protocols to secure terminal session data across insecure environments such as the internet. Its new tabbed interface is a favorite among AbsoluteTelnet users.
      • XP’s Hyper Terminal
        • If you really want (or just can’t be without it) you can still use XP’s Hyper Terminal. Just copy the following two files from an existing XP, Windows 2000 or 2003 box or extract them from the installation CD’s of the previous OS’s: hypertrm.dll and hypertrm.exe. Although you could put them anywhere on the disk as installation is not required, you may want to place them in %SYSTEMROOT% (normally C:WindowsSystem32).
      Categories
      Linux Security SSH

      Securing SSH on Linux

      SSH (Secure Shell) is a protocol which supports logging into a remote system or executing commands on a remote system, using an encrypted communication between the two systems.

      By default SSH is running version 1 and allowing direct root access to the system. You should disable direct root access on the sshd_config file and use only protocol 2 which is more secure.

      1) vi /etc/ssh/sshd_config
      2) Change Protocol 2,1 to Protocol 2
      4) PermitRootLogin yes = no
      5) Restart SSHD:

      /etc/rc.d/init.d/sshd restart

      Categories
      Linux SSH

      Automatically Logout SSH Users after a period of inactivity

      You can improve your server security by enforcing SSH timeout so users will be automatically log out after a period of inactivity.  Administrators can easily enforce the timeout on SSH clients by simply changing ClientAliveInterval value and restaring the sshd daemon for the changes to take place.
      1) Edit /etc/ssh/sshd_config
      2) Set ClientAliveInterval to 5 minutes (300 seconds)
      ClientAliveInterval 300
      ClientAliveCountMax 0
      3) Restart sshd
      /etc/init.d/sshd restart
      Categories
      Cisco Cisco ASA Linux SSH

      Configure Port Forwarding on Cisco ASA

      This post will show how to port forward a single port from the internet to the internal network. You can easily use the Cisco ASA Appliance GUI through a web browser or Cisco ASDM to create a static nat and an access rule but for those that need to do it from command line here we go:
      1. First login to your router through ssh or telnet and use the privilege mode enable.
      2. Next go to configuration mode by running configure terminal.
      3. Execute the following commands: (In this example we will open HTTP Port 80)
      access-list outside_access_in extended permit tcp any interface outside eq 80
      static (inside,outside) tcp interface 80 10.1.1.10 80 netmask 255.255.255.255
      access-group outside_access_in in interface outside

      Type exit to get out the configuration mode
      Type write to save the changes to startup-config
      Categories
      FREE Freeware Linux Recovery SSH Utility

      Trinity Rescue Kit | CPR for your computer

      Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.  TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

      Some of Trinity Rescur Kit’s most significant features

      • Easily reset windows passwords
      • Full read/write and rpm support
      • Multiple virus scan products integrated in a single uniform commandline with online update capability
      • Full ntfs write support thanks to ntfs-3g (all other drivers included as well)
      • Clone NTFS filesystems over the network
      • Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)
      • Easy script to find all local filesystems
      • Self update capability to include and update all virus scanners
      • Full proxy server support
      • Fun a samba fileserver (Windows-like filesharing)
      • SSH server
      • Recovery and undeletion of files with utilities and procedures
      • Recovery of lost partitions
      • Evacuation of dying disks
      • UTF-8 international character support
      • Powerful multicast disk cloning utility for any filesystem
      • Rootkit detection uitilities

      Although version 3.3 is still beta, it is recommended you download this version, as most features which were included in version 3.2 are still running just fine (and are more up-to-date) and the new stuff is presumed to be running fine too.

      TRK can be booted three different ways:

      • as a bootable CD which you can burn yourself from a downloadable iso file 
      • from a USB stick/disk (optionally also a fixed disk), installable from Windows or from the bootable TRK cd
      • from network over PXE, which requires some modifications on your local network (version 3.2). Version 3.3 has the ability to act as a network bootserver itself, without any modifications to your local network.

      The idea behind Trinity Rescue Kit

      From the author:

      Back in 2001, I had this great bootable dos cd I created, packed with all great utilities for offline PC operations called “The Vault”.  Unfortunately, the Vault consisted for 90% of software you should pay for. So distributing it in a legal way was certainly no option and I ‘m not the guy that wants to spend his time in maintaining something that ‘s illegal anyway.

      So I brewed on the idea of creating a free bootable Linux CD containing all available free tools that can help you in any way of rescueing your Windows installation.  And eventually, this is how far it has gotten now.

      Trinity Rescue Kit is based on binaries and scripts from several other distributions, like Timo ‘s Rescue CD, Mandriva 2005 and Fedora Core 3 and 4, as well as many original source packages and tools from other distros.  Startup procedure and methods, several scripts and concept is completely selfmade or at least heavily adapted.

      More information.
      Download Trinity Rescue Kit.

      Categories
      FTP Linux Passwords Private Key Public Key SFTP SSH Windows

      How to create and use Public Keys with SSH

      SSH and SFTP Public Key Authentication requires that you create a public/private key pair. In this howto we will look at how to create then use those keys.

      SSH (Secure Shell) and SFTP (Secure FTP) support a very strong security model that can be used instead of the normal username and password authentication scheme. It uses public key cryptography to create a different, and more secure approach to authenticating your identity and rights to access a server or resource.

      Essentially you will generate a public and private key pair. The public key will be placed on the server by your system administrator, giving you access. You will keep the file containing the private key in a safe place. You’ll login by simply by providing that private key file to your SSH or SFTP supporting client.

      The private key is just that – private. You may put a password on it, but you don’t have to. Without a password, all you need is the file in order to login. Or, to put it more clearly, all anyone needs is that file to login as you. Obviously if you password protect the file, then you’ll need both the file, and the password to unlock it. In that case, logging in is very similar to what you do today: specify a user name, and a password to unlock your key file.

      Instructions are included here for the following tools, which are known to work with this technique:

      SSH Clients                                    SFTP Clients
      PuTTY
      SecureCRT      		                                    PSFTP
                                         Webdrive
                                         WS_FTP

      Instructions for these tools are not provided here, but they either claim or have been confirmed to have the appropriate support:

      SSH Clients                            SFTP Clients
      Tera Term Pro                            CuteFTP Professional
                                 WinSCP

      Other tools may also work. The key terminology to look for is “SSH” or “SFTP” and “Public Key Authentication”.

      Generating Your Keys

      In general it’s best to create your own key. That way you control what happens to your private key.

      PuTTYgen

      PuTTY is a free SSH client that includes a tool for generating keys, called PuTTYgen. PuTTY is my preferred SSH client.

      Run PuTTYgen and click the “Generate” button.

      Follow the directive to move the mouse around to generate randomness, which is a key component of public key cryptography. Once that’s done, you should do the following:

      • Specify a passphrase. Technically this is optional, but if you omit the passphrase, then anyone who happens to get ahold of your private key file can login as you. You may have enough security in place where this is not an issue. If you do specify a passphrase, you’ll need to enter it when you login, pretty much as a normal login.
      • Press the Save Public Key button to save the public key. I recommend saving as your name “.pub”. For example I would save “powercram.pub”.
      • Press the Save Private Key button to save your private key. This saves the private key in PuTTY’s own format, a “.ppk” file. So, “name.ppk” might be appropriate.
      • I also recommend hitting the Conversions menu, and then Export Openssh key, and saving that to “name.key”. This format will allow you to use your private key with other applications besides PuTTY.

      SecureCRT

      SecureCRT is a stand-alone SSH client.
      To create a public key with SecureCRT, click the Tools menu, Create Public Key… option to begin the wizard.  Select RSA as the key type. Enter (or not) an appropriate passphrase to protect your private key. A default key length of 1024 is sufficient. Allow SecureCRT to save the key, noting the location. It may ask if you want to use this as your global Public Key, and you can safely say “yes”.

      WS_FTP

      In WS_FTP, click Tools, Options, and then click on SSH, Client Keys:

      Press Create, and step through the wizard. The key type should be RSA, and the default size of 1024 is sufficient.  Once the key has been created and shows up in the list, click on it, and then click on Export, to export your public key.

      Using Your Keys – SSH

      Once your keys are generated, and the public key installed on the server, you’ll need to specify the private key to your SSH client in order to log in.

      PuTTY

      There are at least two approaches to using Public/Private keys with PuTTY. When you launch PuTTY without any arguments, you get its standard configuration dialog, into which you can enter the name of the server you want to connect to:

      On the left hand side is a tree view of various options. Underneath Connection, SSH, click on Auth and the dialog will include a field “Private key file for authentication“:

      Specify the location of the “.ppk” file that you generated with PuTTYgen. When you connect, if your private key is passphrase protected, you’ll be asked for the passphrase.  The other approach is to simply create shortcuts for the various servers I connect to regularly, and specify the location of the private key on the command line. For example:

      C:pathPUTTY.EXE -i c:adminpowercram.ppk admin@server.com

      That, as a desktop shortcut, or item on a Windows menu, connects to the named server using the specified account name “admin”, and uses the private key found in “c:adminpowercram.ppk” to authenticate.

      SecureCRT

      SecureCRT has several paths to a connection dialog, but we’ll use “Quick Connect” for our example. Click the Quick Connect Icon:

      Make sure that protocol is set to SSH2, and enter your host and username. In Authentication, UNcheck everything except PublicKey. Then click on that, and click Properties.

      Typically you don’t need to do anything, but this dialog specifies the location of your identity file (aka Private Key).  Assuming that your public key has been placed on the server for your account, you should now be able to connect.

      Using Your Keys – SFTP

      Secure FTP, or FTP, is really just using SSH technology to provide FTP-like functionality. Since it’s using SSH, the keys you’ve generated and are using for your SSH authentication work with many SFTP applications as well.

      WebDrive

      Webdrive is an FTP/SFTP service for Windows that allows you to treat an FTP or SFTP connection like another drive mounted on your system. Uploading and downloading then become simple Windows file copy operations.  In Webdrive, you’ll need to load your private key, and then specify it in the configuration for a specific SFTP connection.  The Certificates tab of Webdrive’s Settings dialog, has a Hostkey Managemet button.  Push that, and you’ll get the host key management dialog, and on that you’ll find an Import button. Press that to import your public and private keys:

      Specify the “.pub” key for the public key you generated earlier. The private key should also be specified, and would be the “.key” file. If you passphrase protected your key file, you can specify that here as well. Give it a recognizable name.  The second step, then, takes us back to the Webdrive main window.

      Click on a connection (or create a new one). In the Properties for that connection, on the SFTP tab will be a setting Enable client hostkey support for this site:

      Here you’ll find a dropdown list of the keys you imported above, and a place to enter the password, if any, to access that key.  Once completed, Webdrive should now be able to connect to your public key authenticated site.

      WS_FTP

      Having created a key pair already in WS_FTP, using it is simply a matter of defining your connection to use it.
      When you create a site, specify its connection type as SFTP/SSH. Specify a user name, but leave your password blank. At the end of the wizard, click on the Advanced button, this will allow you to edit the connection, and is the equivalent to editing an existing connection.

      Click on the SSH item on the left, and the dropdown list that results should allow you to select the key pair that you created earlier.  Assuming that the public key you exported and sent to your system administrator has been installed on the server, you should now be able to connect.

      psftp

      PSFTP is command line FTP program that is distributed with PuTTY. More importantly, it supports public key SFTP by using the “.ppk” file that you created for PuTTY above. Connecting using a public key is simply a different set of comment line options:

      psftp -l username -2 -i keys.ppk remotehost

      -l username specifies your username on the remote host; -2 indicates that PSFTP should use SSH protocol version 2; -i keys.ppk specifies the location of your private key as created with PuTTYgen; remotehost is the name of the remote host you’re connecting to.