| 1 | \versionid $Id: pubkey.but,v 1.11 2001/12/06 20:05:39 simon Exp $ |
| 2 | |
| 3 | \# FIXME: passphrases, examples (e.g what does a key for pasting into |
| 4 | \# authorized_keys look like?), index entries, links. |
| 5 | |
| 6 | \C{pubkey} Using public keys for SSH authentication |
| 7 | |
| 8 | \H{pubkey-intro} Public key authentication - an introduction |
| 9 | |
| 10 | Public key authentication is an alternative means of identifying |
| 11 | yourself to a login server, instead of typing a password. It is more |
| 12 | secure and more flexible, but more difficult to set up. |
| 13 | |
| 14 | In conventional password authentication, you prove you are who you |
| 15 | claim to be by proving that you know the correct password. The only |
| 16 | way to prove you know the password is to tell the server what you |
| 17 | think the password is. This means that if the server has been |
| 18 | hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn |
| 19 | your password. |
| 20 | |
| 21 | Public key authentication solves this problem. You generate a \e{key |
| 22 | pair}, consisting of a public key (which everybody is allowed to |
| 23 | know) and a private key (which you keep secret and do not give to |
| 24 | anybody). The private key is able to generate \e{signatures}. |
| 25 | A signature created using your private key cannot be forged by |
| 26 | anybody who does not have that key; but anybody who has your public |
| 27 | key can verify that a particular signature is genuine. |
| 28 | |
| 29 | So you generate a key pair on your own computer, and you copy the |
| 30 | public key to the server. Then, when the server asks you to prove |
| 31 | who you are, PuTTY can generate a signature using your private key. |
| 32 | The server can verify that signature (since it has your public key) |
| 33 | and allow you to log in. Now if the server is hacked or spoofed, the |
| 34 | attacker does not gain your private key or password; they only gain |
| 35 | one signature. And signatures cannot be re-used, so they have gained |
| 36 | nothing. |
| 37 | |
| 38 | There is a problem with this: if your private key is stored |
| 39 | unprotected on your own computer, then anybody who gains access to |
| 40 | \e{that} will be able to generate signatures as if they were you. So |
| 41 | they will be able to log in to your server under your account. For |
| 42 | this reason, your private key is usually \e{encrypted} when it is |
| 43 | stored on your local machine, using a passphrase of your choice. In |
| 44 | order to generate a signature, PuTTY must decrypt the key, so you |
| 45 | have to type your passphrase. |
| 46 | |
| 47 | This can make public-key authentication less convenient than |
| 48 | password authentication: every time you log in to the server, |
| 49 | instead of typing a short password, you have to type a longer |
| 50 | passphrase. One solution to this is to use an \e{authentication |
| 51 | agent}, a separate program which holds decrypted private keys and |
| 52 | generates signatures on request. PuTTY's authentication agent is |
| 53 | called Pageant. When you begin a Windows session, you start Pageant |
| 54 | and load your public key into it (typing your passphrase once). For |
| 55 | the rest of your session, you can start PuTTY any number of times |
| 56 | and Pageant will automatically generate signatures without you |
| 57 | having to do anything. When you close your Windows session, Pageant |
| 58 | shuts down, without ever having stored your decrypted private key on |
| 59 | disk. Many people feel this is a good compromise between security |
| 60 | and convenience. See \k{pageant} for further details. |
| 61 | |
| 62 | \S{pubkey-types} Different types of public key |
| 63 | |
| 64 | The PuTTY key generator, described in \k{pubkey-puttygen}, offers |
| 65 | you the opportunity to generate several types of key pair: |
| 66 | |
| 67 | \b An RSA key for use with the SSH 1 protocol. |
| 68 | |
| 69 | \b An RSA key for use with the SSH 2 protocol. |
| 70 | |
| 71 | \b A DSA key for use with the SSH 2 protocol. |
| 72 | |
| 73 | The SSH 1 protocol only supports RSA keys; if you will be connecting |
| 74 | using the SSH 1 protocol, you must select the first key type or your |
| 75 | key will be completely useless. |
| 76 | |
| 77 | SSH 2 supports more than one key type. The two types supported by |
| 78 | PuTTY are RSA and DSA. |
| 79 | |
| 80 | The PuTTY developers \e{strongly} recommend you use RSA. DSA has an |
| 81 | intrinsic weakness which makes it very easy to create a signature |
| 82 | which contains enough information to give away the \e{private} key! |
| 83 | This would allow an attacker to pretend to be you for any number of |
| 84 | future sessions. PuTTY's implementation has taken very careful |
| 85 | precautions to avoid this weakness, but we cannot be 100% certain we |
| 86 | have managed it, and if you have the choice we strongly recommend |
| 87 | using RSA keys instead. |
| 88 | |
| 89 | If you really need to connect to an SSH server which only supports |
| 90 | DSA, then you probably have no choice but to use DSA. If you do use |
| 91 | DSA, we recommend you do not use the same key to authenticate with |
| 92 | more than one server. |
| 93 | |
| 94 | \H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY |
| 95 | |
| 96 | PuTTYgen is a key generator. It generates pairs of public and private |
| 97 | keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY |
| 98 | authentication agent, Pageant (see \k{pageant}). PuTTYgen generates |
| 99 | RSA keys. |
| 100 | |
| 101 | When you run PuTTYgen you will see a window where you have two |
| 102 | choices: \q{Generate}, to generate a new public/private key pair, or |
| 103 | \q{Load} to load in an existing private key. |
| 104 | |
| 105 | \S{pubkey-puttygen-generate} Generate a new key |
| 106 | |
| 107 | Before generating a new key you have to choose the strength of the |
| 108 | encryption, and the type of the key (see \k{pubkey-types}). With |
| 109 | \q{Parameters} you define the strength of the key. The default of |
| 110 | 1024 should be OK for most users. |
| 111 | |
| 112 | Pressing the \q{Generate} button starts the process of generating a |
| 113 | new key pair. You then have to move the mouse over the blank area in |
| 114 | order to generate random data for the algorithm. Continue until the |
| 115 | progress bar is complete. |
| 116 | |
| 117 | As soon as enough random data is available the key is generated. This |
| 118 | may take a little while, especially on slow machines. Once the key is |
| 119 | generated, its details appear in the \q{Key} part of the PuTTYgen |
| 120 | window. |
| 121 | |
| 122 | Now you can change the \q{Key comment} field to something more |
| 123 | meaningful than the default (which is based on the current date). |
| 124 | e.g. add the name of the host you will use it for. When using |
| 125 | multiple keys a meaningful comment may help you remember which |
| 126 | passphrase to use! You should always enter a passphrase in the |
| 127 | \q{Key passphrase} and \q{Confirm passphrase} fields, to protect |
| 128 | your keys. |
| 129 | |
| 130 | (Choosing a good passphrase is difficult. Just as you shouldn't use |
| 131 | a dictionary word as a password because it's easy for an attacker to |
| 132 | run through a whole dictionary, you should not use a song lyric, |
| 133 | quotation or other well-known sentence as a passphrase. DiceWare |
| 134 | (\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using |
| 135 | at least five words each generated randomly by rolling five dice, |
| 136 | which gives over 2^64 possible passphrases and is probably not a bad |
| 137 | scheme. If you want your passphrase to make grammatical sense, this |
| 138 | cuts down the possibilities a lot and you should use a longer one as |
| 139 | a result.) |
| 140 | |
| 141 | Finally save the key by pressing the \q{Save} button. Do not close the |
| 142 | window but proceed with step \k{pubkey-gettingready}, otherwise you |
| 143 | will have to load the private key again (as described below). |
| 144 | |
| 145 | \S{pubkey-puttygen-load} Load and modify a key |
| 146 | |
| 147 | PuTTYgen does not store the public key in a file by default. If you |
| 148 | have to distribute the public key you can press the \q{Load} button, |
| 149 | select the private key file, and PuTTYgen will give you the public key |
| 150 | again. You can also change the comment and passphrase for your |
| 151 | private key this way. Just modify the values and save the key. |
| 152 | |
| 153 | \S{pubkey-gettingready} Getting ready for public key authentication |
| 154 | |
| 155 | Connect to your SSH server using PuTTY with the SSH protocol. When the |
| 156 | connection succeeds you will be prompted for your user name and |
| 157 | password to login. Once logged in, you must configure the server to |
| 158 | accept your public key for authentication: |
| 159 | |
| 160 | \b If your server is using the SSH 1 protocol, you should change |
| 161 | into the \c{.ssh} directory and open the file \c{authorized_keys} |
| 162 | with your favorite editor. (You may have to create this file if this |
| 163 | is the first key you have put in it). Then switch to the PuTTYgen |
| 164 | window, select all of the text in the \q{Public key for pasting into |
| 165 | authorized_keys file} box, and copy it to the clipboard |
| 166 | (\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the |
| 167 | data into the open file, making sure it ends up all on one line. |
| 168 | Save the file. |
| 169 | |
| 170 | \b If your server is OpenSSH and is using the SSH 2 protocol, you |
| 171 | should follow the same instructions except that the file will be |
| 172 | called \c{authorized_keys2}. |
| 173 | |
| 174 | \b If your server is \cw{ssh.com}'s SSH 2 product, you need to save |
| 175 | a \e{public} key file from PuTTYgen, and copy that into the |
| 176 | \c{.ssh2} directory on the server. Then you should go into that |
| 177 | \c{.ssh2} directory, and edit (or create) a file called |
| 178 | \c{authorization}. In this file you should put a line like \c{Key |
| 179 | mykey.pub}, with \c{mykey.pub} replaced by the name of your key |
| 180 | file. |
| 181 | |
| 182 | \b For other SSH server software, you should refer to the manual for |
| 183 | that server. |
| 184 | |
| 185 | From now on you should be able to use the private key for |
| 186 | authentication to this host. Either select the private key in |
| 187 | PuTTY's \q{Connection}, \q{SSH} panel: \q{Private key file for |
| 188 | authentication} dialog or use it with Pageant as described in |
| 189 | \k{pageant}. |