-\versionid $Id: pubkey.but,v 1.15 2002/05/15 20:07:11 simon Exp $
+\define{versionidpubkey} \versionid $Id$
\C{pubkey} Using public keys for SSH authentication
-\H{pubkey-intro} Public key authentication - an introduction
+\H{pubkey-intro} \ii{Public key authentication} - an introduction
Public key authentication is an alternative means of identifying
yourself to a login server, instead of typing a password. It is more
claim to be by proving that you know the correct password. The only
way to prove you know the password is to tell the server what you
think the password is. This means that if the server has been
-hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn
+hacked, or \i\e{spoofed} (see \k{gs-hostkey}), an attacker can learn
your password.
-Public key authentication solves this problem. You generate a \e{key
-pair}, consisting of a public key (which everybody is allowed to
-know) and a private key (which you keep secret and do not give to
-anybody). The private key is able to generate \e{signatures}.
+Public key authentication solves this problem. You generate a \i\e{key
+pair}, consisting of a \i{public key} (which everybody is allowed to
+know) and a \i{private key} (which you keep secret and do not give to
+anybody). The private key is able to generate \i\e{signatures}.
A signature created using your private key cannot be forged by
anybody who does not have that key; but anybody who has your public
key can verify that a particular signature is genuine.
unprotected on your own computer, then anybody who gains access to
\e{that} will be able to generate signatures as if they were you. So
they will be able to log in to your server under your account. For
-this reason, your private key is usually \e{encrypted} when it is
-stored on your local machine, using a passphrase of your choice. In
+this reason, your private key is usually \i\e{encrypted} when it is
+stored on your local machine, using a \i{passphrase} of your choice. In
order to generate a signature, PuTTY must decrypt the key, so you
have to type your passphrase.
This can make public-key authentication less convenient than
password authentication: every time you log in to the server,
instead of typing a short password, you have to type a longer
-passphrase. One solution to this is to use an \e{authentication
+passphrase. One solution to this is to use an \i\e{authentication
agent}, a separate program which holds decrypted private keys and
generates signatures on request. PuTTY's authentication agent is
-called Pageant. When you begin a Windows session, you start Pageant
-and load your public key into it (typing your passphrase once). For
+called \i{Pageant}. When you begin a Windows session, you start Pageant
+and load your private key into it (typing your passphrase once). For
the rest of your session, you can start PuTTY any number of times
and Pageant will automatically generate signatures without you
having to do anything. When you close your Windows session, Pageant
disk. Many people feel this is a good compromise between security
and convenience. See \k{pageant} for further details.
-There is more than one public-key algorithm available. The most
-common is RSA, but others exist, notably DSA (otherwise known as
+There is more than one \i{public-key algorithm} available. The most
+common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as
DSS), the USA's federal Digital Signature Standard. The key types
supported by PuTTY are described in \k{puttygen-keytype}.
-\H{pubkey-puttygen} Using PuTTYgen, the PuTTY key generator
+\H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
\cfg{winhelp-topic}{puttygen.general}
-PuTTYgen is a key generator. It generates pairs of public and private
-keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
-authentication agent, Pageant (see \k{pageant}). PuTTYgen generates
-RSA keys.
+PuTTYgen is a key generator. It \I{generating keys}generates pairs of
+public and private keys to be used with PuTTY, PSCP, and Plink, as well
+as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
+generates RSA and DSA keys.
When you run PuTTYgen you will see a window where you have two
choices: \q{Generate}, to generate a new public/private key pair, or
PuTTYgen later (see \k{puttygen-load}) and the public key will be
available for copying and pasting again.
-\k{pubkey-gettingready} describes the typical process of configuring
+\K{pubkey-gettingready} describes the typical process of configuring
PuTTY to attempt public-key authentication, and configuring your SSH
server to accept it.
\cfg{winhelp-topic}{puttygen.keytype}
-Before generating a public key using PuTTYgen, you need to select
+Before generating a key pair using PuTTYgen, you need to select
which type of key you need. PuTTYgen currently supports three types
of key:
-\b An RSA key for use with the SSH 1 protocol.
+\b An \i{RSA} key for use with the SSH-1 protocol.
-\b An RSA key for use with the SSH 2 protocol.
+\b An RSA key for use with the SSH-2 protocol.
-\b A DSA key for use with the SSH 2 protocol.
+\b A \i{DSA} key for use with the SSH-2 protocol.
-The SSH 1 protocol only supports RSA keys; if you will be connecting
-using the SSH 1 protocol, you must select the first key type or your
+The SSH-1 protocol only supports RSA keys; if you will be connecting
+using the SSH-1 protocol, you must select the first key type or your
key will be completely useless.
-The SSH 2 protocol supports more than one key type. The two types
+The SSH-2 protocol supports more than one key type. The two types
supported by PuTTY are RSA and DSA.
-The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
-intrinsic weakness which makes it very easy to create a signature
-which contains enough information to give away the \e{private} key!
+The PuTTY developers \e{strongly} recommend you use RSA.
+\I{security risk}\i{DSA} has an intrinsic weakness which makes it very
+easy to create a signature which contains enough information to give
+away the \e{private} key!
This would allow an attacker to pretend to be you for any number of
future sessions. PuTTY's implementation has taken very careful
precautions to avoid this weakness, but we cannot be 100% certain we
When the key generation is complete, a new set of controls will
appear in the window to indicate this.
-\S{puttygen-fingerprint} The \q{Key fingerprint} box
+\S{puttygen-fingerprint} The \q{\ii{Key fingerprint}} box
\cfg{winhelp-topic}{puttygen.fingerprint}
If you have more than one key and use them for different purposes,
you don't need to memorise the key fingerprints in order to tell
-them apart. PuTTY allows you to enter a \e{comment} for your key,
+them apart. PuTTYgen allows you to enter a \e{comment} for your key,
which will be displayed whenever PuTTY or Pageant asks you for the
passphrase.
change the comment later, you can load the private key back into
PuTTYgen, change the comment, and save it again.
-\S{puttygen-passphrase} Setting a passphrase for your key
+\S{puttygen-passphrase} Setting a \i{passphrase} for your key
\cfg{winhelp-topic}{puttygen.passphrase}
The \q{Key passphrase} and \q{Confirm passphrase} boxes allow you to
choose a passphrase for your key. The passphrase will be used to
-encrypt the key on disk, so you will not be able to use the key
+\i{encrypt} the key on disk, so you will not be able to use the key
without first entering the passphrase.
-When you save the key, PuTTY will check that the \q{Key passphrase}
+When you save the key, PuTTYgen will check that the \q{Key passphrase}
and \q{Confirm passphrase} boxes both contain exactly the same
passphrase, and will refuse to save the key otherwise.
unencrypted. You should \e{not} do this without good reason; if you
do, your private key file on disk will be all an attacker needs to
gain access to any machine configured to accept that key. If you
-want to be able to log in without having to type a passphrase every
-time, you should consider using Pageant (\k{pageant}) so that your
-decrypted key is only held in memory rather than on disk.
+want to be able to \I{passwordless login}log in without having to
+type a passphrase every time, you should consider using Pageant
+(\k{pageant}) so that your decrypted key is only held in memory
+rather than on disk.
Under special circumstances you may genuinely \e{need} to use a key
with no passphrase; for example, if you need to run an automated
Choosing a good passphrase is difficult. Just as you shouldn't use a
dictionary word as a password because it's easy for an attacker to
run through a whole dictionary, you should not use a song lyric,
-quotation or other well-known sentence as a passphrase. DiceWare
+quotation or other well-known sentence as a passphrase. \i{DiceWare}
(\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using
at least five words each generated randomly by rolling five dice,
which gives over 2^64 possible passphrases and is probably not a bad
box asking you where to save the file. Select a directory, type in a
file name, and press \q{Save}.
-This file is the one you will need to tell PuTTY to use for
-authentication (see \k{config-ssh-privkey}) or tell Pageant to load
-(see \k{pageant-mainwin-addkey}).
+This file is in PuTTY's native format (\c{*.\i{PPK}}); it is the one you
+will need to tell PuTTY to use for authentication (see
+\k{config-ssh-privkey}) or tell Pageant to load (see
+\k{pageant-mainwin-addkey}).
\S{puttygen-savepub} Saving your public key to a disk file
\cfg{winhelp-topic}{puttygen.savepub}
-The SSH 2 protocol drafts specify a standard format for storing
-public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
-require a public key in this format in order to accept
+RFC 4716 specifies a \I{SSH-2 public key format}standard format for
+storing SSH-2 public keys on disk. Some SSH servers (such as
+\i\cw{ssh.com}'s) require a public key in this format in order to accept
authentication with the corresponding private key. (Others, such as
OpenSSH, use a different format; see \k{puttygen-pastekey}.)
-To save your public key in the SSH 2 standard format, press the
+To save your public key in the SSH-2 standard format, press the
\q{Save public key} button in PuTTYgen. PuTTYgen will put up a
dialog box asking you where to save the file. Select a directory,
type in a file name, and press \q{Save}.
on configuring public-key authentication once you have generated a
key.
-If you use this option with an SSH 1 key, the file PuTTYgen saves
+If you use this option with an SSH-1 key, the file PuTTYgen saves
will contain exactly the same text that appears in the \q{Public key
-for pasting} box. This is the only existing standard for SSH 1
+for pasting} box. This is the only existing standard for SSH-1
public keys.
-\S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
-file}
+\S{puttygen-pastekey} \q{Public key for pasting into \i{authorized_keys
+file}}
\cfg{winhelp-topic}{puttygen.pastekey}
-All SSH 1 servers require your public key to be given to it in a
+All SSH-1 servers require your public key to be given to it in a
one-line format before it will accept authentication with your
-private key. The OpenSSH server also requires this for SSH 2.
+private key. The \i{OpenSSH} server also requires this for SSH-2.
The \q{Public key for pasting into authorized_keys file} gives the
public-key data in the correct one-line format. Typically you will
for a passphrase (if necessary) and will then display the key
details in the same way as if it had just generated the key.
-PuTTYgen can also load SSH2 private keys in OpenSSH's format and
-\cw{ssh.com}'s format. Once you have loaded one of these key types,
-you can then save it back out as a PuTTY-format key so that you can
-use it with PuTTY. The passphrase will be unchanged by this process.
-You may want to change the key comment before you save the key,
-since OpenSSH's SSH2 key format contains no space for a comment and
-\cw{ssh.com}'s default comment format is long and verbose.
+If you use the Load command to load a foreign key format, it will
+work, but you will see a message box warning you that the key you
+have loaded is not a PuTTY native key. See \k{puttygen-conversions}
+for information about importing foreign key formats.
-\S{puttygen-export} Exporting your private key in an alternative format
+\S{puttygen-conversions} Dealing with private keys in other formats
-\cfg{winhelp-topic}{puttygen.export}
+\cfg{winhelp-topic}{puttygen.conversions}
-Most SSH1 clients use a standard format for storing private keys on
+Most SSH-1 clients use a standard format for storing private keys on
disk. PuTTY uses this format as well; so if you have generated an
-SSH1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
+SSH-1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
it with PuTTY, and vice versa.
-However, SSH2 private keys have no standard format. OpenSSH and
-\cw{ssh.com} have different formats, and PuTTY's is different again.
+However, SSH-2 private keys have no standard format. \I{OpenSSH private
+key format}OpenSSH and \I{ssh.com private key format}\cw{ssh.com} have
+different formats, and PuTTY's is different again.
So a key generated with one client cannot immediately be used with
another.
-PuTTYgen has the ability to export private keys in OpenSSH format,
-or in \cw{ssh.com} format. To do so, select an option from the
-\q{Export} menu at the top of the PuTTYgen window. Exporting a key
-works exactly like saving it (see \k{puttygen-savepriv}) - you need
-to have typed your passphrase in beforehand, and you will be warned
-if you are about to save a key without a passphrase.
-
-Note that the export options are only available if you have
-generated an SSH2 key.
+Using the \I{importing keys}\q{Import} command from the \q{Conversions}
+menu, PuTTYgen can load SSH-2 private keys in OpenSSH's format and
+\cw{ssh.com}'s format. Once you have loaded one of these key types, you
+can then save it back out as a PuTTY-format key (\c{*.\i{PPK}}) so that
+you can use it with the PuTTY suite. The passphrase will be unchanged by this
+process (unless you deliberately change it). You may want to change
+the key comment before you save the key, since OpenSSH's SSH-2 key
+format contains no space for a comment and \cw{ssh.com}'s default
+comment format is long and verbose.
+
+PuTTYgen can also \i{export private keys} in OpenSSH format and in
+\cw{ssh.com} format. To do so, select one of the \q{Export} options
+from the \q{Conversions} menu. Exporting a key works exactly like
+saving it (see \k{puttygen-savepriv}) - you need to have typed your
+passphrase in beforehand, and you will be warned if you are about to
+save a key without a passphrase.
+
+Note that since only SSH-2 keys come in different formats, the export
+options are not available if you have generated an SSH-1 key.
\H{pubkey-gettingready} Getting ready for public key authentication
password to login. Once logged in, you must configure the server to
accept your public key for authentication:
-\b If your server is using the SSH 1 protocol, you should change
-into the \c{.ssh} directory and open the file \c{authorized_keys}
+\b If your server is using the SSH-1 protocol, you should change
+into the \i\c{.ssh} directory and open the file \i\c{authorized_keys}
with your favourite editor. (You may have to create this file if
this is the first key you have put in it). Then switch to the
PuTTYgen window, select all of the text in the \q{Public key for
PuTTY window and insert the data into the open file, making sure it
ends up all on one line. Save the file.
-\b If your server is OpenSSH and is using the SSH 2 protocol, you
+\b If your server is \i{OpenSSH} and is using the SSH-2 protocol, you
should follow the same instructions, except that in earlier versions
of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
modern versions the same \c{authorized_keys} file is used for both
-SSH 1 and SSH 2 keys.)
+SSH-1 and SSH-2 keys.)
-\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
-a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and
-copy that into the \c{.ssh2} directory on the server. Then you
-should go into that \c{.ssh2} directory, and edit (or create) a file
-called \c{authorization}. In this file you should put a line like
-\c{Key mykey.pub}, with \c{mykey.pub} replaced by the name of your
-key file.
+\b If your server is \i\cw{ssh.com}'s product and is using SSH-2, you
+need to save a \e{public} key file from PuTTYgen (see
+\k{puttygen-savepub}), and copy that into the \i\c{.ssh2} directory on
+the server. Then you should go into that \c{.ssh2} directory, and edit
+(or create) a file called \c{authorization}. In this file you should
+put a line like \c{Key mykey.pub}, with \c{mykey.pub} replaced by the
+name of your key file.
\b For other SSH server software, you should refer to the manual for
that server.
You may also need to ensure that your home directory, your \c{.ssh}
directory, and any other files involved (such as
\c{authorized_keys}, \c{authorized_keys2} or \c{authorization}) are
-not group-writable. You can typically do this by using a command
-such as
+not group-writable or world-writable. You can typically do this by
+using a command such as
-\c chmod g-w $HOME $HOME/.ssh $HOME/.ssh/authorized_keys
+\c chmod go-w $HOME $HOME/.ssh $HOME/.ssh/authorized_keys
Your server should now be configured to accept authentication using
your private key. Now you need to configure PuTTY to \e{attempt}
-authentication using your private key. You can do this in either of
-two ways:
+authentication using your private key. You can do this in any of
+three ways:
\b Select the private key in PuTTY's configuration. See
\k{config-ssh-privkey} for details.
+\b Specify the key file on the command line with the \c{-i} option.
+See \k{using-cmdline-identity} for details.
+
\b Load the private key into Pageant (see \k{pageant}). In this case
PuTTY will automatically try to use it for authentication if it can.
~mdw / sgt / putty / blobdiff