Windows OpenSSH with PuTTY
The following section describes how to configure OpenSSH with PuTTY on Windows 10 with an Idem Key, TrustKey G310, or Yubikey 5 NFC FIPS. To SSH with a Security Key with PuTTY, make sure you are using the correct version of PuTTY. It should have FIDO Tools enabled. This document will be using PuTTY CAC.
- Insert the Security Key and Open PuTTY. Go to “Connection” -> “SSH” -> “Certificate” -> “FIDO Tools”
The Key Algorithm should be “ecdsa-sha2-nistp256”. For this document we will be using the default Application Name of “ssh:”. For the Key Type, Resident Key or Non-Resident Key does not matter because PuTTY stores everything in Windows Registry, so choose either. The choice of User Verification also does not matter because Windows will prompt you for a PIN anyways.
- Click on “Create Key…”. You will be asked to set up your Security Key.
- Click “OK”, and a window will appear asking you if you want to let PuTTY create a credential on the Security Key.
- Click “OK”, and a window will appear prompting you for your key’s User PIN. Insert your User PIN and click “OK”.
- A window will then appear asking you to touch your Security Key.
- After touching your Security Key, it will ask you if you want to assign the new key to the current session. Click on “Yes”.
- Now go to the setting page “Certificate”. Make sure that the checkbox next to “Attempt certificate / key authentication” near the top is filled in, and click on “Copy To Clipboard” at the bottom. If under “Selected thumbprint” it says “<no key or certificated selected>”, then you will need to click on “Set FIDO Key…” and select the certificate for your key.
- This will copy to your clipboard the content of the public key that was generated. It will look like this:
Save this and paste it into the /.ssh/authorized_keys file on the remote SSH server. This is will cause the server to recognize and accept the key when PuTTY attempts to connect with it.
- Restart sshd on the remote server using this command:
shell> sudo service sshd restart
- Go to “Session” at the top of the menu on the left and input the ip address of the remote SSH server into the “Host Name (or IP address) field, as well as the correct open port into the “Port” field. Make sure the “Connection type” is set to “SSH”.
- Click on “Open” and PuTTY should attempt to connect to the SSH server. It will ask you to touch the Security Key. Touch your Security Key and you will be allowed into the server.