IBM Support

Configuring the PuTTY Secure Shell (SSH) Client to Use Public-Key Authentication

Troubleshooting


Problem

This document provides the steps necessary to configure Public-key authentication on the PuTTY SSH client to gain access to the IBM i Secure Shell daemon (SSHD).

Resolving The Problem

Public-key authentication allows Secure Shell (SSH), Secure File Transfer Protocol (SFTP), and Secure Copy (SCP) clients to gain access to remote hosts running the Secure Shell Daemon (SSHD) without having to provide a password.

Prerequisites

PuTTY utility - Open Source SSH client
PuTTY key generator utility - Generates Rivest, Shamir, & Aldeman (RSA) or Digital Signature Algorithm (DSA) key pairs in the SecSh format

Assumptions

This document assumes the following:

oThe IBM i is running at V5R4 or higher of the operating system.
oA user profile consisting of eight characters or less has been created to provide SSH access to the IBM i.
oA home directory exists for the user profile that was created to provide SSH access to the IBM i.
oThe IBM i SSHD has been configured to accept and process inbound SSH connections.
You should perform the following steps to configure the PuTTY SSH client to use Public-Key authentication to gain access to the IBM i's SSHD:
1.Use the PuTTY key generator utility to create the RSA or DSA key pair. Select the radio button for the type of key that you want to generate, and click on the Generate button: Screen shot of the PuTTY Generator window.
2.Copy the public key underneath the section labeled 'Public key for pasting into OpenSSH authrorized_keys file' into notepad. The OpenSSH version of the public key needs to be stored in the authorized_keys file in the user's .ssh folder on the IBM i:

1. Screen shot of the PuTTY Generator window.
3.Click the Save private key button in the Actions section to save the private key. A passphrase is not required for the private key. Click on the Yes button so that no passphrase is associated with the private key:

1. Screen shot of the passphrase accept/deny buttons.
4.Use FTP in binary mode to move the OpenSSH public key that was created in Step 2 into the user's home directory on the IBM i. For additional information on configuring the IBM i SSHD to use Public-Key authentication, refer to the following Rochester Support Center knowledgebase document New, Configuring the IBM i SSHD to Use Public-Key Authentication: Database 'DCF Technotes (IBM i)', View 'Products', Document 'Configuring the IBM i SSHD Server to Use Public-Key Authentication'.
5.Open the PuTTY SSH client, Expand Session by clicking on the + sign. Specify the IP address or host name of the IBM i:

1. Screen shot of the PuTTY Session category.
6.Expand Connection by clicking on the + sign, select Data, and insert the IBM i user profile in the Auto-login username textbox:

1. Screen shot of the Auto-login username textbox.
7.Expand SSH by clicking on the + sign, Select Auth, Click on the Browse button, and select the private key that was saved in Step 3:
1. Screen shot of the authentication sub-category.
8.Click Open. The user will be able to access the IBM i SSHD without the use of a password.

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Communications-TCP","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Historical Number

582533371

Document Information

Modified date:
18 December 2019

UID

nas8N1011849

Page Feedback