Using Pageant Putty Agent to Unleash Your SSH Key Use

Published:13 May 2022 - 6 min. read

Nicholas Xuan Nguyen Image

Nicholas Xuan Nguyen

Read more tutorials by Nicholas Xuan Nguyen!

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

Your SSH keys are your server access credentials, and keeping them secure is crucial. But how? Consider using the Pageant PuTTY agent to hold your SSH keys in memory, which is more secure than storing them on your hard drive.

In this tutorial, you’ll learn how to use Pageant to manage your SSH keys and securely log in to your servers.

Read on to never worry about your SSH keys again!

Prerequisites

This tutorial will be a hands-on demonstration. If you’d like to follow along, be sure you have the following.

  • A local computer – This tutorial uses Windows 10, but other versions of Windows will work.
  • A server you’ll connect to via SSH – This tutorial uses Ubuntu 20.04 server, but any Linux server will work. But you can use any server, including a virtual private server (VPS) or even a Raspberry Pi at home.
  • An account on your server that accepts SSH key-based authentication – This tutorial uses a root account.
  • An SSH key pair to use with Pageant.

Configuring PuTTY and Opening a Session

Before using your SSH key on Pageant, you must first configure your PuTTY session and ensure your server is accessible via SSH. PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application.

PuTTY supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connections. On the other hand, Pageant is a companion application to Putty that allows you to hold your SSH keys in memory securely.

To configure a PuTTY session:

1. Launch PuTTY from the Start menu.

Launching PuTTY
Launching PuTTY

2. Now, configure your PuTTY Session settings in the main PuTTY window with the following:

  • Enter your server’s IP address or hostname in the Host Name field.
  • Set the port to the default SSH port (22).
  • Select the SSH option under the Connection type.
Configuring PuTTY Session
Configuring PuTTY Session

3. Select SSH under Connection in the left panel and select 2 as the SSH protocol version.

Selecting the SSH protocol version
Selecting the SSH protocol version

4. Next, expand SSH in the left panel, as shown below, and select Auth.

Click the Browse button next to the Private key for authentication field. A file explorer dialog box will open.

Selecting SSH private key
Selecting SSH private key

5. Locate and select your private key file.

Selecting Private Key
Selecting Private Key

6. Now, click Open in the PuTTY window to start a PuTTY session.

Starting a PuTTY Session
Starting a PuTTY Session

7. In your PuTTY session, click on Accept when you get the message prompt below. Doing so stores the key to PuTTY’s cache and will recognize the server in the future.

Accepting the Host Key
Accepting the Host Key

8. Lastly, provide your user name and passphrase for your private key, and hit Enter.

You should be logged in to your server via SSH if everything goes well, as shown below. If not, double-check that you entered the correct hostname or IP address and that your server is accessible via UFW from your network.

Logging in to the server via SSH
Logging in to the server via SSH

Adding Keys to Pageant PuTTY

Now you’ve confirmed PuTTY is working correctly, it’s time to add your SSH keys to Pageant. Adding your SSH keys to Pageant lets you use them for authentication in future sessions.

1. Launch the Pageant application from the Start menu.

Launch the Pageant application from the Start menu.
Launch the Pageant application from the Start menu.

When Pageant starts, you’ll see a blue computer icon appear in your system tray.

Verifying the Pageant Icon
Verifying the Pageant Icon

2. Right click on the Pageant icon, and select the Add Key option. A file explorer will open where you can locate and select your SSH key to add to Pageant (step three).

The other most-used options are listed below:

  • New Session – Allows you to open a new terminal session with a key. This option is helpful when using a different key for each session.
  • Saved Session – Allows you to open a new terminal session with a key that has been saved in the registry. This option is useful when you want to quickly open a session with a key that you have used before.
  • View Keys – Allows you to view information about the currently loaded keys.
  • Remove All Keys – Removes all keys from Pageant. What if you only want to remove a specific key? You will have the option to remove a particular key after adding it in the following section.
Viewing Pageant Options
Viewing Pageant Options

3. Navigate to your private key, select it, and click Open. You can choose one or multiple files, and you should select the file in .ppk format.

Selecting Private SSH keys to Add
Selecting Private SSH keys to Add

4. Lastly, enter the passphrase for your private key, and click OK.

Pageant uses this information to decrypt the key and make it available. Note that you’ll enter the passphrase only once when you first add the key. In the future, you can use it without entering the passphrase again.

Entering Passphrase
Entering Passphrase

Connecting to the Server via SSH

At this point, Pageant loaded your key(s), and you can use them for authentication when connecting to your server.

Right click on the Pageant icon and select View Keys, as shown below. Doing so opens the Pageant Key List.

Accessing Loaded Keys
Accessing Loaded Keys

In the Pageant Key List Window below, you can see the key you added. Now that you have your key(s) loaded, you can use them for authentication.

You can also select a key and click the Remove button to remove a key from the list.

Viewing Added SSK Keys
Viewing Added SSK Keys

Now, relaunch PuTTY. But this time, just enter your server’s hostname or IP address in the Host Name field and click the Open button.

Your key, together with the passphrase, is already loaded in Pageant. As a result, you only need to provide the hostname or IP address when connecting to your server. This behavior is a big-time saver if you have multiple keys and need to connect to various servers.

Viewing Added SSK Keys
Viewing Added SSK Keys

Loading Keys Automatically on Startup

Pageant will not automatically load your keys by default when you exit Pageant. Or when you shut down and restart your computer. You will have to load your keys each time you start Pageant manually, which can be tedious if you’re connecting to different servers simultaneously.

The good news is that you can automatically set Pageant to load your keys when you log in to your machine.

1. Exit your current Pageant session and relaunch Pageant.

2. Next, right-click on the Pageant icon, and select the View Keys option.

You can see below that all keys are gone since you restarted Pageant.

Viewing Keys (empty)
Viewing Keys (empty)

3. Open file explorer and navigate to the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit) folder.

Right click on the Pageant shortcut icon, and select Properties on the context menu, as shown below.

Entering Pageant Properties
Entering Pageant Properties

4. In the Pageant Properties window, set Pageant to load your keys automatically with the following:

  • Click on the Shortcut tab if not already selected. The Shortcut tab is where you’ll configure Pageant to load your keys automatically.
  • Keep the Pageant app’s path in double-quotes in the Target field, but replace key-path with your private key’s file path. As a result, Pageant will load your keys automatically each time you start up your machine.

You can add multiple keys by adding the path to each key, separated by a single space. Also, when there are spaces in the key path, be sure to enclose the key path in double quotes.

"C:\Program Files\PuTTY\pageant.exe" key-path
  • Click on Apply —> OK to save your changes and exit the Pageant Properties window.
Modifying Pageant Target Path
Modifying Pageant Target Path

Perhaps you prefer to automatically launch PuTTY after entering your passphrase when you launch Pageant. If so, append the -c option followed by PuTTY’s full path (in double quotes), as shown below. “C:\Program Files\PuTTY\pageant.exe” “key-path” -c “putty-path”

5. Finally, restart the Pageant app, and Pageant will automatically load your key, as shown below. When prompted, provide the passphrase for your keys, and you’re all set.

You can also use this approach to launch multiple instances of Pageant to connect to servers with different key requirements.

Open the Pageant Key List window to verify your key was loaded successfully.

Viewing Automatically Loaded Keys
Viewing Automatically Loaded Keys

Conclusion

Throughout this tutorial, you’ve learned how to use the Pageant PuTTY agent to manage and use your SSH keys. You’ve also configured Pageant to load your keys on startup automatically. This automation lets you skip manually loading your keys, especially if you’re managing multiple servers simultaneously.

With this newfound knowledge, why not try to securely connect to your Amazon EC2 Linux instances using PuTTY and Pageant?

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!