2f8d6d43 |
1 | \versionid $Id: pubkey.but,v 1.11 2001/12/06 20:05:39 simon Exp $ |
024f5783 |
2 | |
3 | \# FIXME: passphrases, examples (e.g what does a key for pasting into |
4 | \# authorized_keys look like?), index entries, links. |
5 | |
e5b0d077 |
6 | \C{pubkey} Using public keys for SSH authentication |
7 | |
024f5783 |
8 | \H{pubkey-intro} Public key authentication - an introduction |
9 | |
388f343b |
10 | Public key authentication is an alternative means of identifying |
11 | yourself to a login server, instead of typing a password. It is more |
12 | secure and more flexible, but more difficult to set up. |
13 | |
14 | In conventional password authentication, you prove you are who you |
15 | claim to be by proving that you know the correct password. The only |
16 | way to prove you know the password is to tell the server what you |
17 | think the password is. This means that if the server has been |
18 | hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn |
19 | your password. |
20 | |
21 | Public key authentication solves this problem. You generate a \e{key |
22 | pair}, consisting of a public key (which everybody is allowed to |
23 | know) and a private key (which you keep secret and do not give to |
24 | anybody). The private key is able to generate \e{signatures}. |
2f8d6d43 |
25 | A signature created using your private key cannot be forged by |
388f343b |
26 | anybody who does not have that key; but anybody who has your public |
27 | key can verify that a particular signature is genuine. |
28 | |
29 | So you generate a key pair on your own computer, and you copy the |
30 | public key to the server. Then, when the server asks you to prove |
2f8d6d43 |
31 | who you are, PuTTY can generate a signature using your private key. |
388f343b |
32 | The server can verify that signature (since it has your public key) |
33 | and allow you to log in. Now if the server is hacked or spoofed, the |
34 | attacker does not gain your private key or password; they only gain |
35 | one signature. And signatures cannot be re-used, so they have gained |
36 | nothing. |
37 | |
38 | There is a problem with this: if your private key is stored |
39 | unprotected on your own computer, then anybody who gains access to |
40 | \e{that} will be able to generate signatures as if they were you. So |
41 | they will be able to log in to your server under your account. For |
42 | this reason, your private key is usually \e{encrypted} when it is |
43 | stored on your local machine, using a passphrase of your choice. In |
44 | order to generate a signature, PuTTY must decrypt the key, so you |
45 | have to type your passphrase. |
46 | |
47 | This can make public-key authentication less convenient than |
48 | password authentication: every time you log in to the server, |
49 | instead of typing a short password, you have to type a longer |
50 | passphrase. One solution to this is to use an \e{authentication |
51 | agent}, a separate program which holds decrypted private keys and |
52 | generates signatures on request. PuTTY's authentication agent is |
53 | called Pageant. When you begin a Windows session, you start Pageant |
54 | and load your public key into it (typing your passphrase once). For |
2f8d6d43 |
55 | the rest of your session, you can start PuTTY any number of times |
388f343b |
56 | and Pageant will automatically generate signatures without you |
57 | having to do anything. When you close your Windows session, Pageant |
58 | shuts down, without ever having stored your decrypted private key on |
59 | disk. Many people feel this is a good compromise between security |
60 | and convenience. See \k{pageant} for further details. |
e5b0d077 |
61 | |
5c72ca61 |
62 | \S{pubkey-types} Different types of public key |
63 | |
64 | The PuTTY key generator, described in \k{pubkey-puttygen}, offers |
65 | you the opportunity to generate several types of key pair: |
66 | |
67 | \b An RSA key for use with the SSH 1 protocol. |
9e55cd45 |
68 | |
5c72ca61 |
69 | \b An RSA key for use with the SSH 2 protocol. |
9e55cd45 |
70 | |
5c72ca61 |
71 | \b A DSA key for use with the SSH 2 protocol. |
72 | |
73 | The SSH 1 protocol only supports RSA keys; if you will be connecting |
74 | using the SSH 1 protocol, you must select the first key type or your |
75 | key will be completely useless. |
76 | |
77 | SSH 2 supports more than one key type. The two types supported by |
78 | PuTTY are RSA and DSA. |
79 | |
80 | The PuTTY developers \e{strongly} recommend you use RSA. DSA has an |
81 | intrinsic weakness which makes it very easy to create a signature |
82 | which contains enough information to give away the \e{private} key! |
83 | This would allow an attacker to pretend to be you for any number of |
84 | future sessions. PuTTY's implementation has taken very careful |
85 | precautions to avoid this weakness, but we cannot be 100% certain we |
86 | have managed it, and if you have the choice we strongly recommend |
87 | using RSA keys instead. |
88 | |
89 | If you really need to connect to an SSH server which only supports |
90 | DSA, then you probably have no choice but to use DSA. If you do use |
91 | DSA, we recommend you do not use the same key to authenticate with |
92 | more than one server. |
93 | |
94 | \H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY |
024f5783 |
95 | |
96 | PuTTYgen is a key generator. It generates pairs of public and private |
97 | keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY |
98 | authentication agent, Pageant (see \k{pageant}). PuTTYgen generates |
99 | RSA keys. |
100 | |
101 | When you run PuTTYgen you will see a window where you have two |
d60c975d |
102 | choices: \q{Generate}, to generate a new public/private key pair, or |
103 | \q{Load} to load in an existing private key. |
024f5783 |
104 | |
105 | \S{pubkey-puttygen-generate} Generate a new key |
106 | |
388f343b |
107 | Before generating a new key you have to choose the strength of the |
5c72ca61 |
108 | encryption, and the type of the key (see \k{pubkey-types}). With |
d60c975d |
109 | \q{Parameters} you define the strength of the key. The default of |
5c72ca61 |
110 | 1024 should be OK for most users. |
024f5783 |
111 | |
d60c975d |
112 | Pressing the \q{Generate} button starts the process of generating a |
024f5783 |
113 | new key pair. You then have to move the mouse over the blank area in |
114 | order to generate random data for the algorithm. Continue until the |
115 | progress bar is complete. |
116 | |
388f343b |
117 | As soon as enough random data is available the key is generated. This |
118 | may take a little while, especially on slow machines. Once the key is |
d60c975d |
119 | generated, its details appear in the \q{Key} part of the PuTTYgen |
024f5783 |
120 | window. |
121 | |
d60c975d |
122 | Now you can change the \q{Key comment} field to something more |
123 | meaningful than the default (which is based on the current date). |
124 | e.g. add the name of the host you will use it for. When using |
125 | multiple keys a meaningful comment may help you remember which |
126 | passphrase to use! You should always enter a passphrase in the |
127 | \q{Key passphrase} and \q{Confirm passphrase} fields, to protect |
128 | your keys. |
024f5783 |
129 | |
8f1529bc |
130 | (Choosing a good passphrase is difficult. Just as you shouldn't use |
131 | a dictionary word as a password because it's easy for an attacker to |
132 | run through a whole dictionary, you should not use a song lyric, |
133 | quotation or other well-known sentence as a passphrase. DiceWare |
eb92e68f |
134 | (\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using |
135 | at least five words each generated randomly by rolling five dice, |
65befd9c |
136 | which gives over 2^64 possible passphrases and is probably not a bad |
eb92e68f |
137 | scheme. If you want your passphrase to make grammatical sense, this |
138 | cuts down the possibilities a lot and you should use a longer one as |
139 | a result.) |
024f5783 |
140 | |
d60c975d |
141 | Finally save the key by pressing the \q{Save} button. Do not close the |
024f5783 |
142 | window but proceed with step \k{pubkey-gettingready}, otherwise you |
d60c975d |
143 | will have to load the private key again (as described below). |
024f5783 |
144 | |
145 | \S{pubkey-puttygen-load} Load and modify a key |
146 | |
147 | PuTTYgen does not store the public key in a file by default. If you |
d60c975d |
148 | have to distribute the public key you can press the \q{Load} button, |
024f5783 |
149 | select the private key file, and PuTTYgen will give you the public key |
150 | again. You can also change the comment and passphrase for your |
d60c975d |
151 | private key this way. Just modify the values and save the key. |
024f5783 |
152 | |
153 | \S{pubkey-gettingready} Getting ready for public key authentication |
154 | |
155 | Connect to your SSH server using PuTTY with the SSH protocol. When the |
156 | connection succeeds you will be prompted for your user name and |
5c72ca61 |
157 | password to login. Once logged in, you must configure the server to |
158 | accept your public key for authentication: |
159 | |
160 | \b If your server is using the SSH 1 protocol, you should change |
161 | into the \c{.ssh} directory and open the file \c{authorized_keys} |
162 | with your favorite editor. (You may have to create this file if this |
163 | is the first key you have put in it). Then switch to the PuTTYgen |
d60c975d |
164 | window, select all of the text in the \q{Public key for pasting into |
5c72ca61 |
165 | authorized_keys file} box, and copy it to the clipboard |
166 | (\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the |
167 | data into the open file, making sure it ends up all on one line. |
168 | Save the file. |
169 | |
170 | \b If your server is OpenSSH and is using the SSH 2 protocol, you |
171 | should follow the same instructions except that the file will be |
172 | called \c{authorized_keys2}. |
173 | |
174 | \b If your server is \cw{ssh.com}'s SSH 2 product, you need to save |
175 | a \e{public} key file from PuTTYgen, and copy that into the |
176 | \c{.ssh2} directory on the server. Then you should go into that |
177 | \c{.ssh2} directory, and edit (or create) a file called |
178 | \c{authorization}. In this file you should put a line like \c{Key |
179 | mykey.pub}, with \c{mykey.pub} replaced by the name of your key |
180 | file. |
181 | |
182 | \b For other SSH server software, you should refer to the manual for |
183 | that server. |
184 | |
185 | From now on you should be able to use the private key for |
186 | authentication to this host. Either select the private key in |
d60c975d |
187 | PuTTY's \q{Connection}, \q{SSH} panel: \q{Private key file for |
5c72ca61 |
188 | authentication} dialog or use it with Pageant as described in |
189 | \k{pageant}. |