\C{pageant} Using Pageant for authentication

Pageant is an SSH authentication agent. It holds your private keys
in memory, already decoded, so that you can use them often without
needing to type a passphrase.

Currently, Pageant only works with SSH v1.

\H{pageant-start} Getting started with Pageant

Before you run Pageant, you need to have a private key. See
\k{pubkey} to find out how to generate and use one.

When you run Pageant, it will put an icon of a computer wearing a
hat into the System tray. It will then sit and do nothing.

If you click the Pageant icon with the right mouse button, you will
see a menu. Select \e{View Keys} from this menu. The Pageant main
window will appear. (You can also bring this window up by
double-clicking on the Pageant icon.)

The Pageant window contains a list box. This shows the private keys
Pageant is holding. When you start Pageant, it has no keys, so the
list box will be empty.

To add a key to Pageant, press the \e{Add Key} button. Pageant will
bring up a file dialog, labelled \q{Select Private Key File}. Find
your private key file in this dialog, and press \e{Open}.

Pageant will now load the private key. If the key is protected by a
passphrase, Pageant will ask you to type the passphrase. When the
key has been loaded, it will appear in the list in the Pageant
window.

Now start PuTTY and open an SSH session to a site that accepts your
key. PuTTY will notice that Pageant is running, retrieve the key
automatically from Pageant, and use it to authenticate. You can now
open as many PuTTY sessions as you like without having to type your
passphrase again.

When you want to shut down Pageant, click the right button on the
Pageant icon in the System tray, and select \e{Exit} from the menu.
Closing the Pageant main window does \e{not} shut down Pageant.

\H{pageant-forward} Using agent forwarding

\# Walk the user through enabling agent forwarding and starting a
\# second-level session.

\# Demonstrate the use of ssh-add at the remote end.

\H{pageant-security} Security considerations

\# Explain that local use of Pageant allows you convenient one-touch
\# authentication without ever storing a decrypted key on disk

\# Explain that, despite this, it still doesn't protect you against
\# your local machine being hacked (swap files, but more importantly
\# trojans)

\# Explain that forwarding agent connections to a remote site
\# can be abused by the sysadmin of that site, so you'd better know
\# you can trust them