Integrating mRemoteNG with Pageant

mRemoteNG manages your connections to remote servers. It supports SSH, Telnet, RDP, ICA, VNC and more, making it a universal tool for daily management tasks. The intuitive interface with tabbed connections will easily get you hooked, but there are many more options at your disposal to greatly simplify daily administration tasks.

In this post, I will guide you through setting up mRemoteNG in combination with:

  • PuTTY Pageant, to make your SSH connections more secure using private key login.
  • KiTTY as a replacement for PuTTY, for its additional reconnection settings.
  • Color schemes for KiTTY, with mRemoteNG configured to use the custom themes.
  • Added bonus: FileZilla also integrates with Pageant for SSH file transfers.

 

Obtain and Install the source files

mRemoteNG

Download the latest version of mRemoteNG from their website: http://www.mremoteng.org. We will be using the EXE installer and not the portable version. Simply install mRemoteNG using the provided installer. It’s as easy as running the installation file and clicking through the setup screens. All defaults are fine.

Note: Make sure you have .NET 3.5 installed on your machine. If not, the installer will give an error and prompt you to install it first.

PuTTY with Pageant

We also need to download the full PuTTY packaged installer, including the additional tools. Browse to http://www.putty.org and go to the download page. Make sure to get the file called “A Windows installer for everything except PuTTYtel”. Installing the suite is as simple as Next – Next – Finish.

KiTTY

KiTTY is a fork of the PuTTY executable. It includes some extra settings for managing disconnects. It is generally compatible with PuTTY. We only need the kitty.exe application. Download it from and save it on your hard drive. No installation is required.

Optionally create a subdirectory called C:\Program Files\KiTTY or C:\Program Files (x86)\KiTTY and move the kitty.exe file to this directory. This will keep the executable neatly with your other programs.

Creating Your Private Key

PuTTYgen

Next we have to create a private key. Think of this file as a replacement for your password. You will need to have this file to secure your new SSH connections. Since the file also has a passphrase, you need to have access to both the file and the passphrase in order to make a new connection to a remote server. This is generally considered much more secure than password authentication.

Launch the PuTTYgen application from your start menu. You will see a screen like this:

    

Keep the default SSH-2 RSA and 2048 bits settings and click on the Generate button to start the process. Important: Now you need to keep moving your mouse across the window to create randomness. Make some random moves using the mouse until the progress bar goes to 100%. If you do not move your mouse, nothing will happen!

Once you have moved the mouse long enough, a public key is displayed in the PuTTY Key Generator window. Now you can enter a descriptive name in the Key comment field, for example: jacks_key

Then you choose a passphrase to protect your private key from unauthorized use. Pick a phrase that’s long enough, yet easy to remember. The usual rules for complex passwords apply. You will need to enter the passphrase each time you open the private key file, for example each morning.

    

Save the private key to your disk and name it something like jacks_key.ppk. It is vitally important that you keep this file secure. If you lose this file, anyone who knows the passphrase can impersonate you! Put it on removable media if needed.

Save the public key to your disk and name it something like jacks_key.pub and close the PuTTYgen window.

Pageant

Pageant, the PuTTY authentication agent, will load your private key and serve as a wallet that keeps your private keys in memory so other applications can use them. This will let any application use your private key, but has the benefit of not having to type your passphrase each time you set up a new SSH connection to a server. It is a tradeoff between convenience and security. The added benefit of private key authentication over plain passwords usually outweighs this security tradeoff, provided your workstation is considered secure to begin with.

From the start menu open Pageant. You will notice the small Computer with a Hat icon opens in the notification area. Right-click on the Pageant icon and choose View Keys. Alternatively you can just double-click the icon to display the keys.

Now, click Add Key and open the jacks_key.ppk file created using PuTTYgen.

You will be asked to enter the passphrase upon adding a private key to the Pageant wallet.

As long as Pageant is running and the key is loaded, any application can use the private key to create a new login session. Click Close to dismiss the Pageant window. The application will continue to run in the background.

Preparing the server

Installing the Public Key on the server

Now that the private key is ready, we first need to install the public key on the target machine(s). When opening a new SSH session, the machine will then be able to authenticate the user by public key authentication, instead of using a plain password. To demonstrate this, we will set up an Ubuntu 14.04 server to use the public key to validate the users.
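
One way to do this step on the Ubuntu server, as an added example that is not part of the original post: PuTTYgen's Save public key button writes the multi-line RFC 4716 format, while the OpenSSH authorized_keys file expects one line per key, so the file is converted before it is installed. The function names are hypothetical, the sample key data is constructed, and jacks_key.pub is assumed to have been copied to the server already.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes the SSH-2 RSA key
# generated above and the file name jacks_key.pub used in this post.

# Convert PuTTYgen's "Save public key" output (RFC 4716 format, possibly with
# Windows line endings) to the one-line format used in authorized_keys.
puttygen_pub_to_openssh() {
    clean=$(tr -d '\r' < "$1") || return 1
    comment=$(printf '%s\n' "$clean" | sed -n 's/^Comment: *"\(.*\)"$/\1/p')
    # Drop the BEGIN/END markers and header lines; the rest is base64 data.
    blob=$(printf '%s\n' "$clean" | grep -v -e '^----' -e '^[A-Za-z-]*: ' | tr -d '\n ')
    # Every ssh-rsa public key blob starts with this base64 prefix.
    case $blob in
        AAAAB3NzaC1yc2E*) printf 'ssh-rsa %s %s\n' "$blob" "$comment" ;;
        *) echo "not an RSA public key: $1" >&2; return 1 ;;
    esac
}

# Add the key to <home>/.ssh/authorized_keys exactly once, with the usual
# restrictive permissions (directory 700, file 600).
install_authorized_key() {
    ssh_dir=${2:-$HOME}/.ssh
    auth_file=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # -x whole line, -F fixed string: skip the append if the key is present.
    grep -qxF -e "$1" "$auth_file" || printf '%s\n' "$1" >> "$auth_file"
}

# Constructed sample file for trying the functions; the key data is made up.
write_sample_pub() {
    printf '%s\r\n' \
        '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "jacks_key"' \
        'AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructedSampleKeyData' \
        'NotARealKeyNotARealKeyNotARealKey0123456789' \
        '---- END SSH2 PUBLIC KEY ----' > "$1"
}

# On the server: sh install_key.sh jacks_key.pub
if [ -n "${1:-}" ]; then
    key_line=$(puttygen_pub_to_openssh "$1") && install_authorized_key "$key_line"
fi
```

With its default StrictModes setting, sshd ignores an authorized_keys file that other users can write to, which is why the permissions are set explicitly.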

Testing public key authentication

Make sure Pageant is still running in the notification area and your private key is loaded. Open PuTTY and type the hostname or IP address of the server. If everything is set up correctly, you will not be asked to enter your usual password anymore. Instead you will see the private key is used:

Setting up mRemoteNG

Create a server connection

First we add a server connection for the remote machines we want to manage.

mRemoteNG will already use the Pageant keys when the wallet is open. Double-click the connection to verify that you can connect without entering your password.

Now close Pageant by right-clicking it and then choose Exit.

Adding External Tools

Because Pageant needs to be running with the private key loaded for automatic login to work, we are going to set up some external scripts to perform these tasks for us. You can download the scripts here:

To open the External Tools panel in mRemoteNG, click the Tools Menu and select External Tools:

Start-Pageant command

First we set up a shortcut to the actual pageant.exe file. Enter “Start-Pageant” in the Display Name. Then enter the full path to the pageant.exe file as the Filename. Next we configure the arguments to point to the location of the private key jacks_key.ppk.

By running this tool, you can easily open the Pageant wallet and pre-load your private key. As a result of clicking Start-Pageant you will be asked to enter your passphrase.

Stop-Pageant script

This simple script will stop the Pageant application. It is also configured as an external tool, so it can be easily run from within mRemoteNG. This is just a quick shortcut, instead of right-clicking the Pageant in the notification area to Exit. Configure the external tool like this:

Check-Pageant script

First, we will add a Check-Pageant script that will perform these actions:

  • Check if Pageant is running
  • If not, launch it and load our private key
  • Wait for the passphrase dialog box to disappear

This script actually consists of 2 files: one VBScript and one PowerShell script. Since a PowerShell script cannot itself be set to run without a GUI, we will open the VBScript without a GUI, which in turn will launch the PowerShell script hidden. On a decent machine, this two-step launch will hardly be noticeable.


VBScript launcher:

' Run the PowerShell script with a hidden window (0) and wait for it to finish (1)
Dim shell,command
command = "powershell.exe -nologo ""C:\Users\cptjack\Check-Pageant.ps1"""
Set shell = CreateObject("WScript.Shell")
shell.Run command,0,1

PowerShell script (Check-Pageant.ps1):

# Start with an empty error list, so that an earlier error (for example from
# a profile script) is not mistaken for "Pageant is not running"
$Error.Clear()

# Get the Pageant process; a failed lookup is recorded in $Error
$PageantProc = $(Get-Process pageant -ErrorAction SilentlyContinue).MainWindowHandle

# If there is an error, Pageant is not running
if ($Error.Count -gt 0) {
    $exe = "C:\Program Files (x86)\PuTTY\pageant.exe"
    $ppk = "C:\Program Files (x86)\PuTTY\nlams01.ppk"

    # Launch Pageant with your private key
    & $exe $ppk

    # Wait for the process to start (No Error Count)
    While ($Error.Count -gt 0) {
        Write-Output "Pageant is not yet running..."
        $Error.Clear()
        $PageantProc = $(Get-Process pageant -ErrorAction SilentlyContinue).MainWindowHandle
        # Wait for the password dialog box ($null means the process is not there yet)
        While ($null -ne $PageantProc -and $PageantProc.ToInt32() -eq 0) {
            Write-Debug "Pageant Password Dialog is not yet open..."
            $PageantProc = $(Get-Process pageant -ErrorAction SilentlyContinue).MainWindowHandle
        }
    }

# No error means Pageant is already running
} else {
    Write-Output "Pageant is already running"
}

$NoWindowCount = 0
# Check if there is a dialog box still open. It needs to pass 5 successive checks in case of wrong password entry
While ($NoWindowCount -lt 5) {
    Write-Output $NoWindowCount

    Start-Sleep -m (100+$NoWindowCount*20)
    $PageantProc = $(Get-Process pageant -ErrorAction SilentlyContinue).MainWindowHandle
    # A missing process counts as "no window open"
    if ($null -eq $PageantProc -or $PageantProc.ToInt32() -eq 0) {
        $NoWindowCount = $NoWindowCount + 1
    } else {
        $NoWindowCount = 0
    }
}
Write-Output $NoWindowCount
Write-Output "Pageant has no window open!"

Create a new external tool and configure it like this:

Display the toolbar

Now that you have successfully created these 3 external tools, you can add the External Tools toolbar to the top of your mRemoteNG window. The scripts can now be run at the click of a button… it doesn’t get any easier than that!

Run Check-Pageant for each new connection

mRemoteNG can run external scripts automatically when you open or close a remote connection. We will use this functionality to further integrate Pageant into mRemoteNG.

Edit the connection we created before and edit the option External Tool Before. Select Check-Pageant from the dropdown list. Now whenever you open this connection, the script is fired and it will check if Pageant is already running. If it is not, you will receive the passphrase pop-up:

If Pageant is already running, this script silently exits and you won’t be bothered to enter the passphrase. Great!
