\C{pageant} Using Pageant for authentication

Pageant is an SSH authentication agent. It holds your private keys
in memory, already decoded, so that you can use them often without
needing to type a passphrase.

\H{pageant-start} Getting started with Pageant

Before you run Pageant, you need to have a private key. See
\k{pubkey} to find out how to generate and use one.

When you run Pageant, it will put an icon of a computer wearing a
hat into the System tray. It will then sit and do nothing.

If you click the Pageant icon with the right mouse button, you will
see a menu. Select \e{View Keys} from this menu. The Pageant main
window will appear. (You can also bring this window up by
double-clicking on the Pageant icon.)

The Pageant window contains a list box. This shows the private keys
Pageant is holding. When you start Pageant, it has no keys, so the
list box will be empty.

To add a key to Pageant, press the \e{Add Key} button. Pageant will
bring up a file dialog, labelled \q{Select Private Key File}. Find
your private key file in this dialog, and press \e{Open}.

Pageant will now load the private key. If the key is protected by a
passphrase, Pageant will ask you to type the passphrase. When the
key has been loaded, it will appear in the list in the Pageant
window.

Now start PuTTY and open an SSH session to a site that accepts your
key. PuTTY will notice that Pageant is running, retrieve the key
automatically from Pageant, and use it to authenticate. You can now
open as many PuTTY sessions as you like without having to type your
passphrase again.

When you want to shut down Pageant, click the right button on the
Pageant icon in the System tray, and select \e{Exit} from the menu.
Closing the Pageant main window does \e{not} shut down Pageant.

\H{pageant-forward} Using agent forwarding

\# Walk the user through enabling agent forwarding and starting a
\# second-level session.

\# Demonstrate the use of ssh-add at the remote end.

\H{pageant-security} Security considerations

\# Explain that local use of Pageant allows you convenient one-touch
\# authentication without ever storing a decrypted key on disk

\# Explain that, despite this, it still doesn't protect you against
\# your local machine being hacked (swap files, but more importantly
\# trojans)

\# Explain that forwarding agent connections to a remote site
\# can be abused by the sysadmin of that site, so you'd better know
\# you can trust them