How to use Smallstep SSH certificates with PuTTY

This demonstration provides a step-by-step guide for using Smallstep SSH with PuTTY as the SSH client. Here's a breakdown of key points:

  1. Smallstep SSH Authentication and Key Generation:

    • The demo begins with generating SSH certificates using step to authenticate with the Smallstep server.
    • The command outputs a public-private key pair and an associated SSH certificate.
  2. Handling PPK Format for PuTTY:

    • Since PuTTY doesn't have robust command-line support for generating its proprietary PPK format, the demo showcases how to use PuTTYgen to convert the keys.
    • Additionally, the option of bundling the private key and the SSH certificate together in a single file is shown.
  3. Testing SSH Login with and without Certificates:

    • A failed connection attempt without certificates highlights the importance of certificate-based authentication.
    • The demo shows how to load the key into Pageant (PuTTY's SSH agent), successfully logging in with the loaded certificate bundle.
  4. Manual Configuration of Keys in PuTTY:

    • An alternative method for logging in involves manually associating the private key and certificate in PuTTY, allowing the user to log in without using Pageant.
  5. PowerShell Script for Automation:

    • A PowerShell script is introduced to streamline the process by converting the key formats and launching PuTTY with appropriate configuration, using WinSCP for PPK conversion.
    • The script handles authentication, key generation, and automates the PuTTY login, ensuring users get fresh keys and certificates each day.

This process simplifies daily use of Smallstep SSH and PuTTY by automating key conversion and login steps, minimizing manual effort. See the whole demo below:

 

Leave a Comment