This site requires JavaScript to be enabled

Installing and Configuring PuTTY on a Windows System

66 views

3.0 - Updated on 2021-02-22 by Carlos Salazar (Inactive)

2.0 - Updated on 2020-11-20 by Fang Wang

1.0 - Authored on 2019-05-08 by Hannah Ward (Inactive)

Installing and Configuring PuTTY on a Windows System

 

Intended for:

Kerberos users and system administrators.

 

Scenario/Use case:

This article describes how to install and configure the PuTTY software on your Windows system in order to authenticate to Kerberos from your Windows desktop, access Kerberized machines, and encrypt your data transmissions.

PuTTY is an open-source implementation of Telnet and SSH for Windows, see the home page for PuTTY for details and the online documentation pages.

 

Instructions:

Getting Ready

First, verify that you have administrator privileges on the PC. Next, you need to obtain a Kerberos principal and initial password for the FNAL.GOV realm. See section Your Kerberos Principal.

Installation and Configuration of  PuTTY

PuTTY is an open source terminal emulator program which supports Kerberized ssh (as well as telnet). The PuTTY package also includes the command line programs plink, pscp, and psftp. These are similar to the Linux ssh (when used to execute a command a remote system),  scp , and  sftp commands. The latest PuTTY news can be found on the PuTTY Home Page. Get PuTTY by downloading the Windows installer for everything from the Fermilab Authentication Group's  Kerberos for Windows page (or from the  Putty Download page) and running the installer.  If you plan on using the command line utilities plink and pscp, add the installed location of PuTTY (default is C:\Program Files (x86)\PuTTY on 64-bit systems) to the system-wide PATH environment variable using the System control panel Advanced System Settings, click on the Environment Variables button). Additionally, Fermilab community-supported instructions for configuring and using PuTTY with Windows are available here.

  1. Start the PuTTY application. The PuTTY Configuration window will appear.
  2. Make sure SSH is selected under Connection type.
  3. In the Connection > Data section, type your Kerberos username in the Auto-login username box.
  4. In the Connection > SSH > Auth > GSSAPI section, check the boxes for the Attempt GSSAPI authentication and Allow GSSAPI credential delegation settings. The credential delegation setting is important as it allows forwarding of your Kerberos credentials to the remote system.
  5. If you have an X server installed on your PC, go to the Connection > SSH > X11 section and check Enable X11 forwarding.
  6. In the Session section, type Default Settings in the Saved Sessions box. Click Save. You have now saved your default settings and configured PuTTY for use at Fermilab.

See the note on Accessing Kerberized Machines (Fermilab-Supported Methods) for further details on setting up and saving PuTTY sessions for individual systems. Documentation for PuTTY is available from the PuTTY Docs page in a variety of downloadable formats as well as an online HTML version.

Time Synchronization

Kerberos requires that clients and KDCs be time synchronized within five minutes, each machine to its local time zone. If your Windows computer is a member of the FERMI Windows domain, your time is automatically synchronized. If not follow the instructions below.

If you first want to see what your Time service is set to on your Windows machine, pull up the command prompt, and query the setting by issuing:

% net time /querysntp

To synchronize the time, issue the following command:

% net time /setsntp:131.225.xx.200

where 131.225.xx.200 is the IP address of your network gateway at Fermilab. Stop and restart the network time service, by running:

% net stop "windows time"
% net start "windows time"

See Also:

 

Revised by Carlos Salazar (Inactive)
Last modified 2021-02-22 15:19:50