Safe Connection

SSH Agent

The public-key authentication shown here may be more secure, but admins have not gained much if they need to enter a passphrase now, instead of the original password. To automate this process, Linux comes with the ssh-agent tool, in which you can store your private key. The SSH agent autonomously takes care of the authentication process, with the advantage that you only need to enter your passphrase once. The agent retains the key in memory until the user logs out. SSH-Agent is automatically started in the background on most Linux distributions.

Linux has the ssh-add command for interacting with ssh-agent; the -l option lists the currently stored keys. With the Windows MobaXterm SSH client, you can easily enable the SSH agent, for example, in the program settings (Figure 6). The PuTTY Suite has the pagent (putty agent) tool for this.

Figure 6: The SSH agent makes life easier.

The MobaXterm SSH client is an interesting alternative to the popular PuTTY. Because MobaXterm is based on the Cygwin compatibility layer, the tool thinks it is running in a real Linux environment on the client side. This approach means that use of the Linux tools ssh-keygen and ssh-copy-id is possible, including the typical Linux configuration files in the .ssh subdirectory.

A pleasant side effect is that the key files are compatible with standard OpenSSH. You only have to know that the relative home directory of the Linux environment corresponds to C:\Users\User\Documents\MobaXterm

\home. Windows physical drives can be found below /drives in the MobaXterm environment.

WinSCP

SSH is useful not only for secure remote logins but also for secure file transfers. This task will also be the most common use for an SSH client for Windows. Although PuTTY is the most popular Windows SSH client, it is not very convenient in terms of file transfer. For example, PuTTY's Secure FTP client psftp is a classic CLI client; in principle, it behaves no differently from a Linux CLI client. In MobaXterm, however, you can enable a graphical SFTP browser in the settings, and it automatically pops up in the sidebar when a SSH connection is established (Figure 7).

Figure 7: MobaXterm has a graphical SFTP browser.

Appropriate Windows alternatives such as WinSCP [5] also are available for the classic SSH tools sftp and scp, as cryptographically secure alternatives to ftp and rcp. The current version 5.1.5 of the GPL tool has just been released, and it is available on the project website [6]. Installing the executable file is trivial. However, administrators should choose the custom installation, because then the pagent and puttygen tools and the new drag-and-drop shell extension are also conveniently installed.

WinSCP also offers direct downloads via drag and drop and supports the standard SSH protocols sftp and scp via SSH1 and SSH2. Additionally, it has a GUI interface as well as a command-line interface and can process batch scripts [7]. WinSCP can also optionally handle authentication via the SSH password or public key method, and it supports Kerberos (GSS) identification [8].

To open the connection, enter the desired host in the Session section of the Host name field, select the desired Protocol , and enter the user credentials and password. Assuming that you ran puttygen previously to create a public/private key pair and copied the public key to the server, you can optionally specify a password instead of the file containing the private RSA key.

Trust Me

Because scp and sftp are based on SSH, WinSCP, like PuTTY, points out the unknown host key the first time you connect to a new server. If you trust the target host, you are taken to a Windows Explorer-like interface; its use is self-explanatory.

Copying files to the destination host, or in the opposite direction, is an easy process using either by drag and drop, function keys, or Norton Commander-like menus (Figure 8). In the confirmation dialog, admins can change the transmission options or run a transfer in the background for large amounts of data. Additionally, you can also use the integrated editor to edit text files directly on the server.

Figure 8: Copying with WinSCP.