PuTTY SC: A Free SSH Client with Smartcard Support


PuTTY SC is a free implementation of SSH for the Win32 platform.

The latest version (SC-25) is based on PuTTY 0.60.

This modified version of PuTTY supports RSA keys held on a smartcard or USB token for authentication. The interface is based on PKCS #11, and you need the appropriate library (.dll) from the manufacturer of your smartcard in order to use PuTTY SC.

SC-25 (PuTTY 0.60) Binary for Windows 95, 98, ME, NT, 2000 and XP on Intel x86
PuTTY: puttysc.exe MD5: e1b62acad4a3a25f24938e88c6499e59
PSCP: pscpsc.exe MD5: cba3ce26d7fa3179f82340eb3cb56dc6
Agent: pageantsc.exe MD5: 9ecb7cdf490045c10da985967e7cbd61

A further enhanced version is PuTTY CAC.


THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL PASCAL BUCHBINDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Configuration

Use the "Pkcs11" panel to configure PuTTY SC for smartcard usage.
Note: these settings are used by the SSH agent as well.

'Use Windows event log'

Writes log messages to the Windows event log too. This might be helpful for debugging.

'Attempt PKCS#11 smartcard auth (SSH-2)'

This option is used to enable smartcard authentication in general.

'PKCS#11 library for authentication'

Specify the library (.dll) needed to access your smartcard. It is usually stored in the Windows system directory, e.g. C:\WINDOWS\system32\eTpkcs11.dll for the Aladdin eToken or dkck232.dll for the Rainbow iKey.
If you don't know the name of the library, you may want to use this command line tool, which tries to search for the .dll file on your workstation. You may need to run the tool several times since it may crash when opening some of the system libraries.

'Token label'

Specify the name of your smartcard. It is the name you usually see when you are prompted for the password while accessing the smartcard for cryptographic operations, e.g. when signing email.

'Certificate label'

The label given to the certificate corresponding to the private and public key you want to use for authentication.

Export the Public Key

You must store your public key in the $HOME/.ssh/authorized_keys2 file on the server. The public key can be exported via the event log of PuTTY (it is written to the event log as a base64-encoded string when connecting to the server). Just copy/paste this string.
It should look like 'ssh-rsa AAAAB3NzaC1yc2EAAAA.....ZHkknlDE7jhQ== token-key'.

You may also use this tool in order to get a list of all keys on your token.
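
A string copied out of the event log can lose or gain characters on the way to the server. The following added example (not part of PuTTY SC or the original page) decodes an 'ssh-rsa' line, checks that the key blob is complete, and returns the key size and SHA256 fingerprint; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one length-prefixed SSH string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field (incomplete copy/paste?)")
    return blob[offset + 4:end], end


def check_ssh_rsa_line(line):
    """Validate 'ssh-rsa <base64> [comment]'; return size, exponent, fingerprint."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("base64 part is damaged") from exc
    name, off = _read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside the blob is not ssh-rsa")
    e_bytes, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("unexpected bytes after the modulus")
    digest = hashlib.sha256(blob).digest()
    return {
        "bits": int.from_bytes(n_bytes, "big").bit_length(),
        "exponent": int.from_bytes(e_bytes, "big"),
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": parts[2] if len(parts) > 2 else "",
    }


def _mpint(value):
    """Encode a positive integer as an SSH mpint (used for the sample only)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


# Constructed sample: well-formed blob with a made-up modulus, not a usable key.
_blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 2047) | 1)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " token-key"
```

The returned fingerprint can be compared with what ssh-keygen -lf reports for the file on the server.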

Agent

The agent uses the stored sessions (created when using PuTTY SC) from the registry to detect a usable key. The first key available on the smartcard is loaded into the agent key store (the current version only supports one active key). The agent can be used with some other SSH clients as well, e.g. WinSCP.

Source

The source code of PuTTY SC is available under the GPL license. The archive includes the main source files of PuTTY SC as well as several patch files.


© 2005-2008, Pascal Buchbinder