\C{pageant} Using Pageant for authentication

Pageant is an SSH authentication agent. It holds your private keys
in memory, already decoded, so that you can use them often without
needing to type a passphrase.

Currently, Pageant only works with SSH v1.

\H{pageant-start} Getting started with Pageant

Before you run Pageant, you need to have a private key. See
\k{pubkey} to find out how to generate and use one.

When you run Pageant, it will put an icon of a computer wearing a
hat into the System tray. It will then sit and do nothing.

If you click the Pageant icon with the right mouse button, you will
see a menu. Select \e{View Keys} from this menu. The Pageant main
window will appear. (You can also bring this window up by
double-clicking on the Pageant icon.)

The Pageant window contains a list box. This shows the private keys
Pageant is holding. When you start Pageant, it has no keys, so the
list box will be empty.

To add a key to Pageant, press the \e{Add Key} button. Pageant will
bring up a file dialog, labelled \q{Select Private Key File}. Find
your private key file in this dialog, and press \e{Open}.

Pageant will now load the private key. If the key is protected by a
passphrase, Pageant will ask you to type the passphrase. When the
key has been loaded, it will appear in the list in the Pageant
window.

Now start PuTTY and open an SSH session to a site that accepts your
key. PuTTY will notice that Pageant is running, retrieve the key
automatically from Pageant, and use it to authenticate. You can now
open as many PuTTY sessions as you like without having to type your
passphrase again.

When you want to shut down Pageant, click the right button on the
Pageant icon in the System tray, and select \e{Exit} from the menu.
Closing the Pageant main window does \e{not} shut down Pageant.

\H{pageant-forward} Using agent forwarding

\# Walk the user through enabling agent forwarding and starting a
\# second-level session.

\# Demonstrate the use of ssh-add at the remote end.

\H{pageant-security} Security considerations

\# Explain that local use of Pageant allows you convenient one-touch
\# authentication without ever storing a decrypted key on disk

\# Explain that, despite this, it still doesn't protect you against
\# your local machine being hacked (swap files, but more importantly
\# trojans)

\# Explain that forwarding agent connections to a remote site
\# can be abused by the sysadmin of that site, so you'd better know
\# you can trust them