[u/mdw/putty] / doc / pageant.but

\C{pageant} Using Pageant for authentication

Pageant is an SSH authentication agent. It holds your private keys
in memory, already decoded, so that you can use them often without
needing to type a passphrase.

\H{pageant-start} Getting started with Pageant

Before you run Pageant, you need to have a private key. See
\k{pubkey} to find out how to generate and use one.

When you run Pageant, it will put an icon of a computer wearing a
hat into the System tray. It will then sit and do nothing.

If you click the Pageant icon with the right mouse button, you will
see a menu. Select \e{View Keys} from this menu. The Pageant main
window will appear. (You can also bring this window up by
double-clicking on the Pageant icon.)

The Pageant window contains a list box. This shows the private keys
Pageant is holding. When you start Pageant, it has no keys, so the
list box will be empty.

To add a key to Pageant, press the \e{Add Key} button. Pageant will
bring up a file dialog, labelled \q{Select Private Key File}. Find
your private key file in this dialog, and press \e{Open}.

Pageant will now load the private key. If the key is protected by a
passphrase, Pageant will ask you to type the passphrase. When the
key has been loaded, it will appear in the list in the Pageant
window.

Now start PuTTY and open an SSH session to a site that accepts your
key. PuTTY will notice that Pageant is running, retrieve the key
automatically from Pageant, and use it to authenticate. You can now
open as many PuTTY sessions as you like without having to type your
passphrase again.

When you want to shut down Pageant, click the right button on the
Pageant icon in the System tray, and select \e{Exit} from the menu.
Closing the Pageant main window does \e{not} shut down Pageant.

\H{pageant-forward} Using agent forwarding

\# Walk the user through enabling agent forwarding and starting a
\# second-level session.

\# Demonstrate the use of ssh-add at the remote end.

\H{pageant-security} Security considerations

\# Explain that local use of Pageant allows you convenient one-touch
\# authentication without ever storing a decrypted key on disk

\# Explain that, despite this, it still doesn't protect you against
\# your local machine being hacked (swap files, but more importantly
\# trojans)

\# Explain that forwarding agent connections to a remote site
\# can be abused by the sysadmin of that site, so you'd better know
\# you can trust them
Commit	Line	Data
e5b0d077	1	\C{pageant} Using Pageant for authentication
	2
	3	Pageant is an SSH authentication agent. It holds your private keys
	4	in memory, already decoded, so that you can use them often without
	5	needing to type a passphrase.
	6
e5b0d077	7	\H{pageant-start} Getting started with Pageant
e5b0d077	8
55ba634a	9	Before you run Pageant, you need to have a private key. See
55ba634a	10	\k{pubkey} to find out how to generate and use one.
e5b0d077	11
	12	When you run Pageant, it will put an icon of a computer wearing a
	13	hat into the System tray. It will then sit and do nothing.
	14
	15	If you click the Pageant icon with the right mouse button, you will
	16	see a menu. Select \e{View Keys} from this menu. The Pageant main
	17	window will appear. (You can also bring this window up by
	18	double-clicking on the Pageant icon.)
	19
	20	The Pageant window contains a list box. This shows the private keys
	21	Pageant is holding. When you start Pageant, it has no keys, so the
	22	list box will be empty.
	23
	24	To add a key to Pageant, press the \e{Add Key} button. Pageant will
	25	bring up a file dialog, labelled \q{Select Private Key File}. Find
	26	your private key file in this dialog, and press \e{Open}.
	27
	28	Pageant will now load the private key. If the key is protected by a
	29	passphrase, Pageant will ask you to type the passphrase. When the
	30	key has been loaded, it will appear in the list in the Pageant
	31	window.
	32
	33	Now start PuTTY and open an SSH session to a site that accepts your
	34	key. PuTTY will notice that Pageant is running, retrieve the key
	35	automatically from Pageant, and use it to authenticate. You can now
	36	open as many PuTTY sessions as you like without having to type your
	37	passphrase again.
	38
	39	When you want to shut down Pageant, click the right button on the
	40	Pageant icon in the System tray, and select \e{Exit} from the menu.
	41	Closing the Pageant main window does \e{not} shut down Pageant.
	42
	43	\H{pageant-forward} Using agent forwarding
	44
	45	\# Walk the user through enabling agent forwarding and starting a
	46	\# second-level session.
	47
	48	\# Demonstrate the use of ssh-add at the remote end.
	49
	50	\H{pageant-security} Security considerations
	51
	52	\# Explain that local use of Pageant allows you convenient one-touch
	53	\# authentication without ever storing a decrypted key on disk
	54
	55	\# Explain that, despite this, it still doesn't protect you against
	56	\# your local machine being hacked (swap files, but more importantly
	57	\# trojans)
	58
	59	\# Explain that forwarding agent connections to a remote site
	60	\# can be abused by the sysadmin of that site, so you'd better know
	61	\# you can trust them