X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/e5b0d077dd2623867702f2e76afb776856eb77b4..9e55cd457afb2e58007e96f54c82194334ef2266:/doc/pubkey.but

diff --git a/doc/pubkey.but b/doc/pubkey.but
index 937ca27b..5a0346a1 100644
--- a/doc/pubkey.but
+++ b/doc/pubkey.but
@@ -1,16 +1,184 @@
+\versionid $Id: pubkey.but,v 1.6 2001/09/25 19:59:14 simon Exp $
+
+\# FIXME: passphrases, examples (e.g what does a key for pasting into
+\# authorized_keys look like?), index entries, links.
+
 \C{pubkey} Using public keys for SSH authentication
 
-\# Explain the basic principles of public key authentication. Many
-\# people don't have the faintest idea what it is or why it's good.
+\H{pubkey-intro} Public key authentication - an introduction
+
+Public key authentication is an alternative means of identifying
+yourself to a login server, instead of typing a password. It is more
+secure and more flexible, but more difficult to set up.
+
+In conventional password authentication, you prove you are who you
+claim to be by proving that you know the correct password. The only
+way to prove you know the password is to tell the server what you
+think the password is. This means that if the server has been
+hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn
+your password.
+
+Public key authentication solves this problem. You generate a \e{key
+pair}, consisting of a public key (which everybody is allowed to
+know) and a private key (which you keep secret and do not give to
+anybody). The private key is able to generate \e{signatures}.
+A signature created using your private key cannot be forged by
+anybody who does not have that key; but anybody who has your public
+key can verify that a particular signature is genuine.
+
+So you generate a key pair on your own computer, and you copy the
+public key to the server. Then, when the server asks you to prove
+who you are, PuTTY can generate a signature using your private key.
+The server can verify that signature (since it has your public key)
+and allow you to log in. Now if the server is hacked or spoofed, the
+attacker does not gain your private key or password; they only gain
+one signature. And signatures cannot be re-used, so they have gained
+nothing.
+
+There is a problem with this: if your private key is stored
+unprotected on your own computer, then anybody who gains access to
+\e{that} will be able to generate signatures as if they were you. So
+they will be able to log in to your server under your account. For
+this reason, your private key is usually \e{encrypted} when it is
+stored on your local machine, using a passphrase of your choice. In
+order to generate a signature, PuTTY must decrypt the key, so you
+have to type your passphrase.
+
+This can make public-key authentication less convenient than
+password authentication: every time you log in to the server,
+instead of typing a short password, you have to type a longer
+passphrase. One solution to this is to use an \e{authentication
+agent}, a separate program which holds decrypted private keys and
+generates signatures on request. PuTTY's authentication agent is
+called Pageant. When you begin a Windows session, you start Pageant
+and load your public key into it (typing your passphrase once). For
+the rest of your session, you can start PuTTY any number of times
+and Pageant will automatically generate signatures without you
+having to do anything. When you close your Windows session, Pageant
+shuts down, without ever having stored your decrypted private key on
+disk. Many people feel this is a good compromise between security
+and convenience. See \k{pageant} for further details.
+
+\S{pubkey-types} Different types of public key
+
+The PuTTY key generator, described in \k{pubkey-puttygen}, offers
+you the opportunity to generate several types of key pair:
+
+\b An RSA key for use with the SSH 1 protocol.
+
+\b An RSA key for use with the SSH 2 protocol.
+
+\b A DSA key for use with the SSH 2 protocol.
+
+The SSH 1 protocol only supports RSA keys; if you will be connecting
+using the SSH 1 protocol, you must select the first key type or your
+key will be completely useless.
+
+SSH 2 supports more than one key type. The two types supported by
+PuTTY are RSA and DSA.
+
+The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
+intrinsic weakness which makes it very easy to create a signature
+which contains enough information to give away the \e{private} key!
+This would allow an attacker to pretend to be you for any number of
+future sessions. PuTTY's implementation has taken very careful
+precautions to avoid this weakness, but we cannot be 100% certain we
+have managed it, and if you have the choice we strongly recommend
+using RSA keys instead.
+
+If you really need to connect to an SSH server which only supports
+DSA, then you probably have no choice but to use DSA. If you do use
+DSA, we recommend you do not use the same key to authenticate with
+more than one server.
 
-\# Explain the dangers of leaving an unprotected private key around.
-\# Explain passphrases, and urge that people NEVER store
-\# unpassphrased keys unless they really need to or they can be sure
-\# the machine is secure.
+\H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY
 
-\# Mention a good length for a passphrase. (I think Schneier
+PuTTYgen is a key generator. It generates pairs of public and private
+keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
+authentication agent, Pageant (see \k{pageant}).  PuTTYgen generates
+RSA keys.
+
+When you run PuTTYgen you will see a window where you have two
+choices: \e{Generate} new public/private key pair or \e{Load} an
+existing private key.
+
+\S{pubkey-puttygen-generate} Generate a new key
+
+Before generating a new key you have to choose the strength of the
+encryption, and the type of the key (see \k{pubkey-types}). With
+\e{Parameters} you define the strength of the key. The default of
+1024 should be OK for most users.
+
+Pressing the \e{Generate} button starts the process of generating a
+new key pair. You then have to move the mouse over the blank area in
+order to generate random data for the algorithm. Continue until the
+progress bar is complete.
+
+As soon as enough random data is available the key is generated.  This
+may take a little while, especially on slow machines.  Once the key is
+generated, its details appear in the \e{Key} part of the PuTTYgen
+window.
+
+Now you can change the \e{Key comment} to something more meaningful
+than the default (which is based on the current date).  e.g. add the
+name of the host you will use it for. When using multiple keys a
+meaningful comment may help you remember which passphrase to use!  You
+should always enter a \e{Key passphrase} and \e{Confirm passphrase} to
+protect your keys.
+
+\# FIXME: Mention a good length for a passphrase. (I think Schneier
 \# said something about this on counterpane.com once.)
 
 \# In case people don't like the idea of exchanging a short password
 \# typed every time for a longer passphrase typed every time, link
 \# to the Pageant chapter.
+
+Finally save the key by pressing the \e{Save} button. Do not close the
+window but proceed with step \k{pubkey-gettingready}, otherwise you
+will have to \e{Load} the private key again as described below.
+
+\S{pubkey-puttygen-load} Load and modify a key
+
+PuTTYgen does not store the public key in a file by default. If you
+have to distribute the public key you can press the \e{Load} button,
+select the private key file, and PuTTYgen will give you the public key
+again.  You can also change the comment and passphrase for your
+private key this way. Just modify the values and \e{Save} the key.
+
+\S{pubkey-gettingready} Getting ready for public key authentication
+
+Connect to your SSH server using PuTTY with the SSH protocol. When the
+connection succeeds you will be prompted for your user name and
+password to login. Once logged in, you must configure the server to
+accept your public key for authentication:
+
+\b If your server is using the SSH 1 protocol, you should change
+into the \c{.ssh} directory and open the file \c{authorized_keys}
+with your favorite editor. (You may have to create this file if this
+is the first key you have put in it). Then switch to the PuTTYgen
+window, select all of the text in the \e{Public key for pasting into
+authorized_keys file} box, and copy it to the clipboard
+(\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the
+data into the open file, making sure it ends up all on one line.
+Save the file.
+
+\b If your server is OpenSSH and is using the SSH 2 protocol, you
+should follow the same instructions except that the file will be
+called \c{authorized_keys2}.
+
+\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
+a \e{public} key file from PuTTYgen, and copy that into the
+\c{.ssh2} directory on the server. Then you should go into that
+\c{.ssh2} directory, and edit (or create) a file called
+\c{authorization}. In this file you should put a line like \c{Key
+mykey.pub}, with \c{mykey.pub} replaced by the name of your key
+file.
+
+\b For other SSH server software, you should refer to the manual for
+that server.
+
+From now on you should be able to use the private key for
+authentication to this host.  Either select the private key in
+PuTTY's \e{Connection}, \e{SSH} panel: \e{Private key file for
+authentication} dialog or use it with Pageant as described in
+\k{pageant}.