\versionid $Id: pubkey.but,v 1.2 2001/02/06 09:34:42 owen Exp $

\# FIXME: passphrases, examples (e.g. what does a key for pasting into
\# authorized_keys look like?), index entries, links.

\C{pubkey} Using public keys for SSH authentication

\H{pubkey-intro} Public key authentication - an introduction

\# Explain the basic principles of public key authentication. Many
\# people don't have the faintest idea what it is or why it's good.

\# Explain the dangers of leaving an unprotected private key around.
\# Explain passphrases, and urge that people NEVER store
\# unpassphrased keys unless they really need to or they can be sure
\# the machine is secure.

\H{pubkey-puttygen} PuTTYgen: RSA key generator for PuTTY

PuTTYgen is a key generator. It generates pairs of public and private
keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
authentication agent, Pageant (see \k{pageant}). PuTTYgen generates
RSA keys.

When you run PuTTYgen you will see a window where you have two
choices: \e{Generate} a new public/private key pair or \e{Load} an
existing private key.

\S{pubkey-puttygen-generate} Generate a new key

Before generating a new key you have to choose the strength of the
key, which is set under \e{Parameters}. The default of 1024 should be
OK for most users.

Pressing the \e{Generate} button starts the process of generating a
new key pair. You then have to move the mouse over the blank area in
order to generate random data for the algorithm. Continue until the
progress bar is complete.

As soon as enough random data is available the key is generated. This
may take a little while, especially on slow machines. Once the key is
generated, its details appear in the \e{Key} part of the PuTTYgen
window.

Now you can change the \e{Key comment} to something more meaningful
than the default (which is based on the current date); for example,
add the name of the host you will use it for. When using multiple
keys, a meaningful comment may help you remember which passphrase to
use! You should always enter a \e{Key passphrase} and \e{Confirm
passphrase} to protect your keys.

\# Mention a good length for a passphrase. (I think Schneier
\# said something about this on counterpane.com once.)

\# In case people don't like the idea of exchanging a short password
\# typed every time for a longer passphrase typed every time, link
\# to the Pageant chapter.

Finally, save the key by pressing the \e{Save} button. Do not close the
window but proceed to \k{pubkey-gettingready}; otherwise you
will have to \e{Load} the private key again as described below.

\S{pubkey-puttygen-load} Load and modify a key

PuTTYgen does not store the public key in a file by default. If you
have to distribute the public key you can press the \e{Load} button,
select the private key file, and PuTTYgen will give you the public key
again. You can also change the comment and passphrase for your
private key this way. Just modify the values and \e{Save} the key.

\S{pubkey-gettingready} Getting ready for public key authentication

Connect to your SSH server using PuTTY with the SSH protocol. When the
connection succeeds you will be prompted for your user name and
password to log in. Once logged in, change into the \c{.ssh} directory
and open the file \c{authorized_keys} with your favorite editor (you
may have to create this file if this is the first key to add).

Switch to the PuTTYgen window and select all of the content below
\e{Public key for pasting into authorized_keys file}, copy it to the
clipboard (\c{Ctrl+C}). Then, switch back to the PuTTY window and
insert the data into the open file. Save the file.

From now on you can use the private key for authentication to this
host. Either select the private key under \e{Private key file for
authentication} in PuTTY's \e{Connection}, \e{SSH} panel, or use
it with Pageant as described in \k{pageant}.
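Added example (not part of the PuTTY documentation or code): a check to run on the server after pasting, confirming that each \c{authorized_keys} entry arrived as one intact line rather than being wrapped or cut by the editor. It goes beyond the RSA case on this page by accepting both OpenSSH line layouts, SSH-1 RSA ("bits exponent modulus comment") and SSH-2 ("key-type base64-blob comment"), and assumes entries carry no leading options; the sample key is constructed, not a real key.

```python
import base64
import struct

def _first_field(blob):
    """Return the first length-prefixed field (uint32 big-endian length + data)."""
    if len(blob) < 4:
        raise ValueError("truncated blob")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        raise ValueError("truncated blob")
    return blob[4:4 + n]

def check_entry(line):
    """Classify one authorized_keys line; returns (status, detail)."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return ("skip", "")
    # SSH-1 RSA layout: "bits exponent modulus [comment]", all decimal.
    if len(parts) >= 3 and all(p.isdecimal() for p in parts[:3]):
        bits, modulus = int(parts[0]), int(parts[2])
        if modulus.bit_length() != bits:
            return ("bad", "modulus has %d bits, entry says %d"
                    % (modulus.bit_length(), bits))
        return ("ok", "ssh1-rsa %d" % bits)
    # SSH-2 layout: "key-type base64-blob [comment]"; the blob repeats the type.
    if len(parts) >= 2 and parts[0].startswith("ssh-"):
        try:
            ktype = _first_field(base64.b64decode(parts[1], validate=True))
        except ValueError as exc:  # binascii.Error is a ValueError
            return ("bad", "blob does not decode: %s" % exc)
        if ktype.decode("latin-1") != parts[0]:
            return ("bad", "blob type does not match " + parts[0])
        return ("ok", parts[0])
    return ("bad", "not a key entry (fragment of a wrapped line?)")

def check_text(text):
    """Return [(line_number, detail)] for every entry that fails the check."""
    return [(i, detail) for i, line in enumerate(text.splitlines(), 1)
            for status, detail in [check_entry(line)] if status == "bad"]

# Constructed sample, not a real key: a 1024-bit odd number as the modulus.
SAMPLE = "1024 37 %d rsa-key-20010206" % ((1 << 1023) | 0xC0FFEF)
# The same entry after an editor wrapped it at column 80.
WRAPPED = SAMPLE[:80] + "\n" + SAMPLE[80:]

if __name__ == "__main__":
    print(check_entry(SAMPLE))
    for lineno, detail in check_text(WRAPPED):
        print("line %d: %s" % (lineno, detail))
```

A wrapped entry shows up as two failures: the first half has a modulus shorter than its declared size, and the second half is not a key entry at all.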