![]() ![]() This will automatically fill in the “Cert” and “SSH keystring” fields. To get your PIV card’s SSH key, in PuTTY, go to Connection > SSH > CAPI and select the browse button on the right side.This profile is now configured for PIV logon. From within PuTTY, select Connection > SSH > Auth then select both “Allow agent forwarding” and “Allow attempted changes of username in SSH-2.”.On left panel, select Connection > SSH > CAPI thencheck the box beside the words Attempt “CAPI Certificate” (Key-only) auth (SSH-2).Enter a descriptive name under Saved Sessions textbox (if setting up a new profile).Note: If you have multiple destination profiles, you will have to do the following steps for each profile From within PuTTY, enter the destination IP address or hostname in the Host Name (or IP address) textbox to setup a new profile, or if you already have profiles set up in PuTTY, load that profile.Right-click the Pageant icon again from the menu bar and select New Session.Warning: You must re-add your certificate every time pageant is started. The Pageant Window will now display the certificate information.Highlight the correct Smart Card certificate and click OK.Note: If multiple certificates exist, you may want to clear out the expired or revoked certificates by following How To – FIXME: PIV Card – Clear certificate store. If you do not see this field, select a different certificate. It should begin with “Smart Card Logon ” this indicates it is the correct certificate. Make sure you choose the correct certificate! Select “Click here to view certificate properties,” click “Details,” scroll half-way, and locate Enhanced Key Usage.Select your Smart Card Logon certificate from the Windows Security window.The Pageant Key List window will appear.Right-click the icon and select View Keys. A window will not open, but the Pageant icon will appear on the menu bar. ![]() Open Pageant by clicking the executable.Open Windows Explorer or click Start > Computer. ![]() You must now insert the CAPI Key and configure PuTTY-CAC.Pageant will appear in the taskbar on the bottom right of your desktop it will not open a window. Launch pageant from the PuTTY install directory, (eg, C:\Program Files\Putty-CAC).Verify the version of PuTTY that was installed by opening the application and clicking About in the lower left corner.This will enable the Putty-CAC applications to be available from the Start Menu.Īt a minimum, you must install the following packages: Build an installation package to install the executables in the location you choose.Place the executable files in a directory that you have execute rights over.There is no installer available for the binaries, so you must either:.If you do not have access to forge.mil, you can also download it at. If you have a forge.mil account, download the latest Putty-CAC package from forge.mil.Note that Van Dyke Secure CRT, a commercial product, also supports PIV SSH login for multiple platforms, including Windows and Mac. Putty-CAC, a fork of the Open Source Putty SSH client, resolves this issue. They let you store all configuration details unique to a particular connection: the server, connection type, behavior and appearance of the terminal, and more.Most Unix-like systems are configured to use the SSH protocol for remote access, but most SSH client applications do not support PIV as required by Federal policy. If you regularly connect to several different servers, its Saved Sessions are invaluable. PuTTY’s standout feature is its Configuration interface. ![]() When you’ve finished setting up, click Open to connect to your chosen server. You can overwrite it if the server uses a non-standard port. PuTTY will set the Port automatically, according to the connection. These are different protocols that offer different benefits, but most of the time you will want to use SSH, the default. PuTTY supports a few different Connection types, including SSH, Telnet, and Rlogin. To connect to a remote server, enter its Host Name or IP address in the box labeled such. Note that Software Update may ask you to update XQuartz at this stage. This is probably due to PuTTY’s need to start the XQuartz backend and should not be a cause for concern. There may be a small delay between opening the app and seeing this dialog. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |