Efficient PuTTy workflow / configuration

puttyssh

PuTTy is a fine SSH client, but how do you get a workflow managed as slickly as OpenSSH on Unix? My issues with PuTTy's management are:

  1. PuTTy tools are not in my PATH (easily fixable)
  2. PuTTy seems to have no equivalent of ~/.ssh, so I end have to manually choose locations for my keypairs, and then manually tell all the tools where to find them every time
  3. The private key's read permissions seem lax (I might be wrong about this, I a klutz on Windows).
  4. Pageant doesn't run by default (easily fixable?)
  5. Other programs don't reliably find pageant

I suspect all of these problems can be fixed if I just get set my system up properly, and/or organise a nice workflow that fits into PuTTy's way of doing things. So can anyone share some success stories about managing PuTTy?

Best Answer

1 is, as you said, easily fixable.

For 2, both OpenSSH and PuTTY have a concept of an "agent" - a background process holding your keys in memory. For OpenSSH this is ssh-agent, and PuTTY comes with Pageant. In both cases, the keys can be loaded once - usually at login time - after which the SSH client will simply ask the agent to sign the authentication data, without needing the location of the actual key.

The obvious advantage is not needing to re-enter the key's password every single connection, but there is more to it - both clients support agent forwarding, where you can connect to a (relatively trusted) machine and use the local agent remotely (for example, you can connect from local to hostX, from hostX to hostY, from hostY to hostZ), and the key will never leave your local machine.

3 is not a critical problem since Windows user profiles are not publicly accessible by default (I may be wrong here; will check later). Besides, your key is password-protected while on disk, and the permissions can be easily changed.

4 - just copy Pageant's shortcut into the Startup folder in Start Menu - Programs. (Alternatively, point the shortcut to your key file, to have it loaded on login.)

As for 5, cannot reproduce - I've used PuTTY and WinSCP for many years and Pageant worked fine. The only reason I can think of, is the recently introduced bug, fixed in PuTTY 0.62 - it made 0.60 core and 0.61 agent incompatible. Just upgrade to the latest version and it should work. If it doesn't, at least clarify on which programs you are trying.

Related Question