[u/mdw/putty] / doc / pubkey.but

\versionid $Id: pubkey.but,v 1.11 2001/12/06 20:05:39 simon Exp $

\# FIXME: passphrases, examples (e.g what does a key for pasting into
\# authorized_keys look like?), index entries, links.

\C{pubkey} Using public keys for SSH authentication

\H{pubkey-intro} Public key authentication - an introduction

Public key authentication is an alternative means of identifying
yourself to a login server, instead of typing a password. It is more
secure and more flexible, but more difficult to set up.

In conventional password authentication, you prove you are who you
claim to be by proving that you know the correct password. The only
way to prove you know the password is to tell the server what you
think the password is. This means that if the server has been
hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn
your password.

Public key authentication solves this problem. You generate a \e{key
pair}, consisting of a public key (which everybody is allowed to
know) and a private key (which you keep secret and do not give to
anybody). The private key is able to generate \e{signatures}.
A signature created using your private key cannot be forged by
anybody who does not have that key; but anybody who has your public
key can verify that a particular signature is genuine.

So you generate a key pair on your own computer, and you copy the
public key to the server. Then, when the server asks you to prove
who you are, PuTTY can generate a signature using your private key.
The server can verify that signature (since it has your public key)
and allow you to log in. Now if the server is hacked or spoofed, the
attacker does not gain your private key or password; they only gain
one signature. And signatures cannot be re-used, so they have gained
nothing.

There is a problem with this: if your private key is stored
unprotected on your own computer, then anybody who gains access to
\e{that} will be able to generate signatures as if they were you. So
they will be able to log in to your server under your account. For
this reason, your private key is usually \e{encrypted} when it is
stored on your local machine, using a passphrase of your choice. In
order to generate a signature, PuTTY must decrypt the key, so you
have to type your passphrase.

This can make public-key authentication less convenient than
password authentication: every time you log in to the server,
instead of typing a short password, you have to type a longer
passphrase. One solution to this is to use an \e{authentication
agent}, a separate program which holds decrypted private keys and
generates signatures on request. PuTTY's authentication agent is
called Pageant. When you begin a Windows session, you start Pageant
and load your public key into it (typing your passphrase once). For
the rest of your session, you can start PuTTY any number of times
and Pageant will automatically generate signatures without you
having to do anything. When you close your Windows session, Pageant
shuts down, without ever having stored your decrypted private key on
disk. Many people feel this is a good compromise between security
and convenience. See \k{pageant} for further details.

\S{pubkey-types} Different types of public key

The PuTTY key generator, described in \k{pubkey-puttygen}, offers
you the opportunity to generate several types of key pair:

\b An RSA key for use with the SSH 1 protocol.

\b An RSA key for use with the SSH 2 protocol.

\b A DSA key for use with the SSH 2 protocol.

The SSH 1 protocol only supports RSA keys; if you will be connecting
using the SSH 1 protocol, you must select the first key type or your
key will be completely useless.

SSH 2 supports more than one key type. The two types supported by
PuTTY are RSA and DSA.

The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
intrinsic weakness which makes it very easy to create a signature
which contains enough information to give away the \e{private} key!
This would allow an attacker to pretend to be you for any number of
future sessions. PuTTY's implementation has taken very careful
precautions to avoid this weakness, but we cannot be 100% certain we
have managed it, and if you have the choice we strongly recommend
using RSA keys instead.

If you really need to connect to an SSH server which only supports
DSA, then you probably have no choice but to use DSA. If you do use
DSA, we recommend you do not use the same key to authenticate with
more than one server.

\H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY

PuTTYgen is a key generator. It generates pairs of public and private
keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
authentication agent, Pageant (see \k{pageant}).  PuTTYgen generates
RSA keys.

When you run PuTTYgen you will see a window where you have two
choices: \q{Generate}, to generate a new public/private key pair, or
\q{Load} to load in an existing private key.

\S{pubkey-puttygen-generate} Generate a new key

Before generating a new key you have to choose the strength of the
encryption, and the type of the key (see \k{pubkey-types}). With
\q{Parameters} you define the strength of the key. The default of
1024 should be OK for most users.

Pressing the \q{Generate} button starts the process of generating a
new key pair. You then have to move the mouse over the blank area in
order to generate random data for the algorithm. Continue until the
progress bar is complete.

As soon as enough random data is available the key is generated.  This
may take a little while, especially on slow machines.  Once the key is
generated, its details appear in the \q{Key} part of the PuTTYgen
window.

Now you can change the \q{Key comment} field to something more
meaningful than the default (which is based on the current date).
e.g. add the name of the host you will use it for. When using
multiple keys a meaningful comment may help you remember which
passphrase to use!  You should always enter a passphrase in the
\q{Key passphrase} and \q{Confirm passphrase} fields, to protect
your keys.

(Choosing a good passphrase is difficult. Just as you shouldn't use
a dictionary word as a password because it's easy for an attacker to
run through a whole dictionary, you should not use a song lyric,
quotation or other well-known sentence as a passphrase. DiceWare
(\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using
at least five words each generated randomly by rolling five dice,
which gives over 2^64 possible passphrases and is probably not a bad
scheme. If you want your passphrase to make grammatical sense, this
cuts down the possibilities a lot and you should use a longer one as
a result.)

Finally save the key by pressing the \q{Save} button. Do not close the
window but proceed with step \k{pubkey-gettingready}, otherwise you
will have to load the private key again (as described below).

\S{pubkey-puttygen-load} Load and modify a key

PuTTYgen does not store the public key in a file by default. If you
have to distribute the public key you can press the \q{Load} button,
select the private key file, and PuTTYgen will give you the public key
again.  You can also change the comment and passphrase for your
private key this way. Just modify the values and save the key.

\S{pubkey-gettingready} Getting ready for public key authentication

Connect to your SSH server using PuTTY with the SSH protocol. When the
connection succeeds you will be prompted for your user name and
password to login. Once logged in, you must configure the server to
accept your public key for authentication:

\b If your server is using the SSH 1 protocol, you should change
into the \c{.ssh} directory and open the file \c{authorized_keys}
with your favorite editor. (You may have to create this file if this
is the first key you have put in it). Then switch to the PuTTYgen
window, select all of the text in the \q{Public key for pasting into
authorized_keys file} box, and copy it to the clipboard
(\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the
data into the open file, making sure it ends up all on one line.
Save the file.

\b If your server is OpenSSH and is using the SSH 2 protocol, you
should follow the same instructions except that the file will be
called \c{authorized_keys2}.

\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
a \e{public} key file from PuTTYgen, and copy that into the
\c{.ssh2} directory on the server. Then you should go into that
\c{.ssh2} directory, and edit (or create) a file called
\c{authorization}. In this file you should put a line like \c{Key
mykey.pub}, with \c{mykey.pub} replaced by the name of your key
file.

\b For other SSH server software, you should refer to the manual for
that server.

From now on you should be able to use the private key for
authentication to this host.  Either select the private key in
PuTTY's \q{Connection}, \q{SSH} panel: \q{Private key file for
authentication} dialog or use it with Pageant as described in
\k{pageant}.
Commit	Line	Data
2f8d6d43	1	\versionid $Id: pubkey.but,v 1.11 2001/12/06 20:05:39 simon Exp $
024f5783	2
	3	\# FIXME: passphrases, examples (e.g what does a key for pasting into
	4	\# authorized_keys look like?), index entries, links.
	5
e5b0d077	6	\C{pubkey} Using public keys for SSH authentication
e5b0d077	7
024f5783	8	\H{pubkey-intro} Public key authentication - an introduction
024f5783	9
388f343b	10	Public key authentication is an alternative means of identifying
	11	yourself to a login server, instead of typing a password. It is more
	12	secure and more flexible, but more difficult to set up.
	13
	14	In conventional password authentication, you prove you are who you
	15	claim to be by proving that you know the correct password. The only
	16	way to prove you know the password is to tell the server what you
	17	think the password is. This means that if the server has been
	18	hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn
	19	your password.
	20
	21	Public key authentication solves this problem. You generate a \e{key
	22	pair}, consisting of a public key (which everybody is allowed to
	23	know) and a private key (which you keep secret and do not give to
	24	anybody). The private key is able to generate \e{signatures}.
2f8d6d43	25	A signature created using your private key cannot be forged by
388f343b	26	anybody who does not have that key; but anybody who has your public
	27	key can verify that a particular signature is genuine.
	28
	29	So you generate a key pair on your own computer, and you copy the
	30	public key to the server. Then, when the server asks you to prove
2f8d6d43	31	who you are, PuTTY can generate a signature using your private key.
388f343b	32	The server can verify that signature (since it has your public key)
	33	and allow you to log in. Now if the server is hacked or spoofed, the
	34	attacker does not gain your private key or password; they only gain
	35	one signature. And signatures cannot be re-used, so they have gained
	36	nothing.
	37
	38	There is a problem with this: if your private key is stored
	39	unprotected on your own computer, then anybody who gains access to
	40	\e{that} will be able to generate signatures as if they were you. So
	41	they will be able to log in to your server under your account. For
	42	this reason, your private key is usually \e{encrypted} when it is
	43	stored on your local machine, using a passphrase of your choice. In
	44	order to generate a signature, PuTTY must decrypt the key, so you
	45	have to type your passphrase.
	46
	47	This can make public-key authentication less convenient than
	48	password authentication: every time you log in to the server,
	49	instead of typing a short password, you have to type a longer
	50	passphrase. One solution to this is to use an \e{authentication
	51	agent}, a separate program which holds decrypted private keys and
	52	generates signatures on request. PuTTY's authentication agent is
	53	called Pageant. When you begin a Windows session, you start Pageant
	54	and load your public key into it (typing your passphrase once). For
2f8d6d43	55	the rest of your session, you can start PuTTY any number of times
388f343b	56	and Pageant will automatically generate signatures without you
	57	having to do anything. When you close your Windows session, Pageant
	58	shuts down, without ever having stored your decrypted private key on
	59	disk. Many people feel this is a good compromise between security
	60	and convenience. See \k{pageant} for further details.
e5b0d077	61
5c72ca61	62	\S{pubkey-types} Different types of public key
	63
	64	The PuTTY key generator, described in \k{pubkey-puttygen}, offers
	65	you the opportunity to generate several types of key pair:
	66
	67	\b An RSA key for use with the SSH 1 protocol.
9e55cd45	68
5c72ca61	69	\b An RSA key for use with the SSH 2 protocol.
9e55cd45	70
5c72ca61	71	\b A DSA key for use with the SSH 2 protocol.
	72
	73	The SSH 1 protocol only supports RSA keys; if you will be connecting
	74	using the SSH 1 protocol, you must select the first key type or your
	75	key will be completely useless.
	76
	77	SSH 2 supports more than one key type. The two types supported by
	78	PuTTY are RSA and DSA.
	79
	80	The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
	81	intrinsic weakness which makes it very easy to create a signature
	82	which contains enough information to give away the \e{private} key!
	83	This would allow an attacker to pretend to be you for any number of
	84	future sessions. PuTTY's implementation has taken very careful
	85	precautions to avoid this weakness, but we cannot be 100% certain we
	86	have managed it, and if you have the choice we strongly recommend
	87	using RSA keys instead.
	88
	89	If you really need to connect to an SSH server which only supports
	90	DSA, then you probably have no choice but to use DSA. If you do use
	91	DSA, we recommend you do not use the same key to authenticate with
	92	more than one server.
	93
	94	\H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY
024f5783	95
	96	PuTTYgen is a key generator. It generates pairs of public and private
	97	keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
	98	authentication agent, Pageant (see \k{pageant}). PuTTYgen generates
	99	RSA keys.
	100
	101	When you run PuTTYgen you will see a window where you have two
d60c975d	102	choices: \q{Generate}, to generate a new public/private key pair, or
d60c975d	103	\q{Load} to load in an existing private key.
024f5783	104
	105	\S{pubkey-puttygen-generate} Generate a new key
	106
388f343b	107	Before generating a new key you have to choose the strength of the
5c72ca61	108	encryption, and the type of the key (see \k{pubkey-types}). With
d60c975d	109	\q{Parameters} you define the strength of the key. The default of
5c72ca61	110	1024 should be OK for most users.
024f5783	111
d60c975d	112	Pressing the \q{Generate} button starts the process of generating a
024f5783	113	new key pair. You then have to move the mouse over the blank area in
	114	order to generate random data for the algorithm. Continue until the
	115	progress bar is complete.
	116
388f343b	117	As soon as enough random data is available the key is generated. This
388f343b	118	may take a little while, especially on slow machines. Once the key is
d60c975d	119	generated, its details appear in the \q{Key} part of the PuTTYgen
024f5783	120	window.
024f5783	121
d60c975d	122	Now you can change the \q{Key comment} field to something more
	123	meaningful than the default (which is based on the current date).
	124	e.g. add the name of the host you will use it for. When using
	125	multiple keys a meaningful comment may help you remember which
	126	passphrase to use! You should always enter a passphrase in the
	127	\q{Key passphrase} and \q{Confirm passphrase} fields, to protect
	128	your keys.
024f5783	129
8f1529bc	130	(Choosing a good passphrase is difficult. Just as you shouldn't use
	131	a dictionary word as a password because it's easy for an attacker to
	132	run through a whole dictionary, you should not use a song lyric,
	133	quotation or other well-known sentence as a passphrase. DiceWare
eb92e68f	134	(\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using
eb92e68f	135	at least five words each generated randomly by rolling five dice,
65befd9c	136	which gives over 2^64 possible passphrases and is probably not a bad
eb92e68f	137	scheme. If you want your passphrase to make grammatical sense, this
	138	cuts down the possibilities a lot and you should use a longer one as
	139	a result.)
024f5783	140
d60c975d	141	Finally save the key by pressing the \q{Save} button. Do not close the
024f5783	142	window but proceed with step \k{pubkey-gettingready}, otherwise you
d60c975d	143	will have to load the private key again (as described below).
024f5783	144
	145	\S{pubkey-puttygen-load} Load and modify a key
	146
	147	PuTTYgen does not store the public key in a file by default. If you
d60c975d	148	have to distribute the public key you can press the \q{Load} button,
024f5783	149	select the private key file, and PuTTYgen will give you the public key
024f5783	150	again. You can also change the comment and passphrase for your
d60c975d	151	private key this way. Just modify the values and save the key.
024f5783	152
	153	\S{pubkey-gettingready} Getting ready for public key authentication
	154
	155	Connect to your SSH server using PuTTY with the SSH protocol. When the
	156	connection succeeds you will be prompted for your user name and
5c72ca61	157	password to login. Once logged in, you must configure the server to
	158	accept your public key for authentication:
	159
	160	\b If your server is using the SSH 1 protocol, you should change
	161	into the \c{.ssh} directory and open the file \c{authorized_keys}
	162	with your favorite editor. (You may have to create this file if this
	163	is the first key you have put in it). Then switch to the PuTTYgen
d60c975d	164	window, select all of the text in the \q{Public key for pasting into
5c72ca61	165	authorized_keys file} box, and copy it to the clipboard
	166	(\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the
	167	data into the open file, making sure it ends up all on one line.
	168	Save the file.
	169
	170	\b If your server is OpenSSH and is using the SSH 2 protocol, you
	171	should follow the same instructions except that the file will be
	172	called \c{authorized_keys2}.
	173
	174	\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
	175	a \e{public} key file from PuTTYgen, and copy that into the
	176	\c{.ssh2} directory on the server. Then you should go into that
	177	\c{.ssh2} directory, and edit (or create) a file called
	178	\c{authorization}. In this file you should put a line like \c{Key
	179	mykey.pub}, with \c{mykey.pub} replaced by the name of your key
	180	file.
	181
	182	\b For other SSH server software, you should refer to the manual for
	183	that server.
	184
	185	From now on you should be able to use the private key for
	186	authentication to this host. Either select the private key in
d60c975d	187	PuTTY's \q{Connection}, \q{SSH} panel: \q{Private key file for
5c72ca61	188	authentication} dialog or use it with Pageant as described in
5c72ca61	189	\k{pageant}.