How To Use Pageant to Streamline SSH Key Authentication with PuTTY

Introduction

You have seen in previous tutorials how to use PuTTY to connect to your VPS securely and how to create SSH keys with PuTTYgen.

You might have more than one SSH key for a single cloud server, or simply more than one cloud server or Droplet that requires SSH keys to log into. This can make you feel overwhelmed with having to manage, sort out, and link all those keys to their respective servers. That’s why Pageant exists.

Pageant is a PuTTY authentication agent. It holds your private keys in memory so that you can use them whenever you are connecting to a server. It eliminates the need to:

• Explicitly specify the relevant key to each Linux user account, if you use more than one account to log into a server
• Type a key’s passphrase each time you log into your user account; and your keys should be passphrase protected since having an unprotected key is as good as hiding your password under your keyboard!

Prerequisites

Make sure you have these prerequisites.

• Pageant is installed together with the PuTTY suite; if you don’t have it installed, you can download it here
• You should already have at least one SSH key saved on your local computer

Step 1 — Adding Keys to Pageant

Start Pageant from the PuTTY folder: Start-Menu > All Programs > PuTTY > Pageant

Pageant starts by default minimized in the system tray. To begin adding your SSH keys, you should right click on its icon and then the following context menu will show up:

Clicking on Add Key from the menu or View Keys to open up the Pageant Key List window. Here you can view, add, and remove keys:

Tip: You can access the Pageant Key List window directly by double-clicking its icon in the system tray.

Click the Add Key button. This will open the file explorer, where you can choose one or more keys at a time to load. You should select files with the .ppk extension:

Click the Open button to load the keys with Pageant.

If a key is passphrase-protected, you will be prompted to enter the passphrase only once before it can be added to the Pageant Key List:

After successfully adding a key, you can now see it listed:

Step 2 — Connecting to the Server(s)

Now these keys will be available while connecting to any server during your PuTTY sessions. You don’t have to take any extra steps in PuTTY. Just enter your hostname or IP address, and SSH user. PuTTY will automatically try to authenticate using any keys currently loaded in Pageant.

Step 3 (Optional) — Removing Keys from Pageant

If you want to remove a key from Pageant, select that key from the Pageant Key List window and press the Remove Key button. You can also remove multiple keys together by selecting them with CTRL or SHIFT.

Tips & Tricks

Use these tips to automate your authenticated connections with Pageant.

Loading Keys Automatically on Pageant Startup

You can make Pageant automatically load one or more private keys when it starts up, instead of adding them manually every time you start up Pageant.

Go to the Pageant shortcut icon from the Windows Start Menu or your desktop.

Right click on the icon, and click on Properties.

A new window will open containing the shortcut’s properties:

From the Shortcut tab, edit the Target field. Leave the path to pageant.exe intact. After that path, add paths to your .ppk key files. These should be outside the quotation marks. Here’s an example:

"C:\Program Files\PuTTY\pageant.exe" C:\key1.ppk C:\key2.ppk

Click the Apply and then OK buttons.

Note: If the keys are encrypted, Pageant will request the passphrases on startup.

Making Pageant Run PuTTY

You can make Pageant start PuTTY or any other program once it has initialized itself and loaded any keys specified on its command line. That way you can just start Pageant instead of having to start both programs.

You can achieve this by following the same steps we used previously to add the keys automatically (see the previous section). Just add the program’s path at the end of the command in the Target field, preceded by the -c option, and contained within double quotes. Here’s an example of the full line for the Target field:

"C:\Program Files\PuTTY\pageant.exe" C:\key1.ppk C:\key2.ppk  -c "C:\Program Files\PuTTY\putty.exe"

Other PuTTY Suite Products

Here are a few other helpful applications that can work with PuTTY.

• PuTTYgen: A tool to generate and edit SSH public and private key pairs. It is part of the PuTTY suite, but it can also operate with the private key formats used by some other SSH clients like WinSCP
• PSFTP: An interactive text-based client for the SSH-based SFTP (secure file transfer) protocol, that allows you to run an interactive file transfer session and perform many thing like listing the contents of directories, browsing around the file system, issuing multiple get and put commands, etc.
• PSCP (PuTTY Secure Copy Client): A tool for transferring files securely between computers using an SSH connection