Introduction

This guide shows how to generate SSH keys with PuTTYgen, connect to a TanOS appliance over SSH with PuTTY (tanadmin / tancopy / recovery), and transfer files with WinSCP using key-based authentication. All screenshots are kept below.

PuTTY

Install PuTTY & PuTTYgen

Generate SSH keys with PuTTYgen

  • Launch PuTTYgen (PuTTY Key Generator).
  • Recommended: select Ed25519. If legacy compatibility is required, choose RSA 4096.
  • Click Generate and move your mouse to create randomness.
PuTTYgen generating entropy

Create multiple keys (recommended)

  • One key for tanadmin
  • One key for tancopy
  • Optionally, one key for recovery (user created later in TanOS)

Save private key & copy public key

  • Click Save private key → store securely (set a passphrase if possible).
Save private key in PuTTYgen
  • Copy the public key from the top box (you’ll paste it in the TanOS user’s SSH key settings).
Copy public key from PuTTYgen

Tip: Use Pageant (PuTTY authentication agent) to cache your key and avoid repeated passphrase prompts.

Connect to TanOS with PuTTY (SSH)

Connection

  • Open PuTTY.
  • Session (left): enter the TanOS Host Name (IP or FQDN).
  • Go to Connection > SSH > Auth → set Private key file for authentication to your .ppk.
PuTTY auth with private key

Save a session profile

  • Back to Session → name it (e.g., Tanium-Server1) → Save.
PuTTY session save

Connect

  • Click Open to start SSH.
  • At first connection, verify and accept the server’s host key fingerprint.
  • When prompted, enter the username tied to the key (tanadmin, tancopy, or recovery).
  • No password is required if the key matches.

Transfer files with WinSCP (SFTP)

Session

  • Launch WinSCP.
  • File protocol: SFTP.
  • Host name: TanOS IP or FQDN.
  • Username: tancopy.
WinSCP session setup for tancopy

Use the private key

  • Click Advanced…SSH > AuthenticationPrivate key file → browse to your .ppk for tancopy.
  • OK to return to the main screen.
WinSCP private key authentication

Save and connect

  • Click Save (e.g., name it Tanium tancopy). If your key has a passphrase, you’ll be prompted at login (or use Pageant to cache it).
  • Double-click the saved session or click Login to connect via key-based authentication.
WinSCP connected

Security tips: Prefer Ed25519 keys; use strong passphrases; keep private keys off shared drives; and consider disabling password authentication on the appliance once key-based access is confirmed.

David Wuibaille

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.