X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/024f5783585baf4fd9af55f37f5ff098c82b6c8c..f523d0d3b570f5d420b8659ab046d9282b500329:/doc/pubkey.but diff --git a/doc/pubkey.but b/doc/pubkey.but index ffbf5a85..f8490776 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -1,4 +1,4 @@ -\versionid $Id: pubkey.but,v 1.2 2001/02/06 09:34:42 owen Exp $ +\versionid $Id: pubkey.but,v 1.7 2001/11/25 16:57:45 simon Exp $ \# FIXME: passphrases, examples (e.g what does a key for pasting into \# authorized_keys look like?), index entries, links. @@ -7,15 +7,91 @@ \H{pubkey-intro} Public key authentication - an introduction -\# Explain the basic principles of public key authentication. Many -\# people don't have the faintest idea what it is or why it's good. - -\# Explain the dangers of leaving an unprotected private key around. -\# Explain passphrases, and urge that people NEVER store -\# unpassphrased keys unless they really need to or they can be sure -\# the machine is secure. - -\H{pubkey-puttygen} PuTTYgen: RSA key generator for PuTTY +Public key authentication is an alternative means of identifying +yourself to a login server, instead of typing a password. It is more +secure and more flexible, but more difficult to set up. + +In conventional password authentication, you prove you are who you +claim to be by proving that you know the correct password. The only +way to prove you know the password is to tell the server what you +think the password is. This means that if the server has been +hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn +your password. + +Public key authentication solves this problem. You generate a \e{key +pair}, consisting of a public key (which everybody is allowed to +know) and a private key (which you keep secret and do not give to +anybody). The private key is able to generate \e{signatures}. +A signature created using your private key cannot be forged by +anybody who does not have that key; but anybody who has your public +key can verify that a particular signature is genuine. + +So you generate a key pair on your own computer, and you copy the +public key to the server. Then, when the server asks you to prove +who you are, PuTTY can generate a signature using your private key. +The server can verify that signature (since it has your public key) +and allow you to log in. Now if the server is hacked or spoofed, the +attacker does not gain your private key or password; they only gain +one signature. And signatures cannot be re-used, so they have gained +nothing. + +There is a problem with this: if your private key is stored +unprotected on your own computer, then anybody who gains access to +\e{that} will be able to generate signatures as if they were you. So +they will be able to log in to your server under your account. For +this reason, your private key is usually \e{encrypted} when it is +stored on your local machine, using a passphrase of your choice. In +order to generate a signature, PuTTY must decrypt the key, so you +have to type your passphrase. + +This can make public-key authentication less convenient than +password authentication: every time you log in to the server, +instead of typing a short password, you have to type a longer +passphrase. One solution to this is to use an \e{authentication +agent}, a separate program which holds decrypted private keys and +generates signatures on request. PuTTY's authentication agent is +called Pageant. When you begin a Windows session, you start Pageant +and load your public key into it (typing your passphrase once). For +the rest of your session, you can start PuTTY any number of times +and Pageant will automatically generate signatures without you +having to do anything. When you close your Windows session, Pageant +shuts down, without ever having stored your decrypted private key on +disk. Many people feel this is a good compromise between security +and convenience. See \k{pageant} for further details. + +\S{pubkey-types} Different types of public key + +The PuTTY key generator, described in \k{pubkey-puttygen}, offers +you the opportunity to generate several types of key pair: + +\b An RSA key for use with the SSH 1 protocol. + +\b An RSA key for use with the SSH 2 protocol. + +\b A DSA key for use with the SSH 2 protocol. + +The SSH 1 protocol only supports RSA keys; if you will be connecting +using the SSH 1 protocol, you must select the first key type or your +key will be completely useless. + +SSH 2 supports more than one key type. The two types supported by +PuTTY are RSA and DSA. + +The PuTTY developers \e{strongly} recommend you use RSA. DSA has an +intrinsic weakness which makes it very easy to create a signature +which contains enough information to give away the \e{private} key! +This would allow an attacker to pretend to be you for any number of +future sessions. PuTTY's implementation has taken very careful +precautions to avoid this weakness, but we cannot be 100% certain we +have managed it, and if you have the choice we strongly recommend +using RSA keys instead. + +If you really need to connect to an SSH server which only supports +DSA, then you probably have no choice but to use DSA. If you do use +DSA, we recommend you do not use the same key to authenticate with +more than one server. + +\H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY PuTTYgen is a key generator. It generates pairs of public and private keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY @@ -28,17 +104,18 @@ existing private key. \S{pubkey-puttygen-generate} Generate a new key -Before generating a new key you have to chose the strength of the -encryption. With \e{Parameters} you define the strength of the key. The -default of 1024 should be OK for most users. +Before generating a new key you have to choose the strength of the +encryption, and the type of the key (see \k{pubkey-types}). With +\e{Parameters} you define the strength of the key. The default of +1024 should be OK for most users. Pressing the \e{Generate} button starts the process of generating a new key pair. You then have to move the mouse over the blank area in order to generate random data for the algorithm. Continue until the progress bar is complete. -As soon as enough random data is available the key is generated. This -may take a little while, especially on slow machines. Once the key is +As soon as enough random data is available the key is generated. This +may take a little while, especially on slow machines. Once the key is generated, its details appear in the \e{Key} part of the PuTTYgen window. @@ -49,12 +126,16 @@ meaningful comment may help you remember which passphrase to use! You should always enter a \e{Key passphrase} and \e{Confirm passphrase} to protect your keys. -\# Mention a good length for a passphrase. (I think Schneier -\# said something about this on counterpane.com once.) - -\# In case people don't like the idea of exchanging a short password -\# typed every time for a longer passphrase typed every time, link -\# to the Pageant chapter. +(Choosing a good passphrase is difficult. Just as you shouldn't use +a dictionary word as a password because it's easy for an attacker to +run through a whole dictionary, you should not use a song lyric, +quotation or other well-known sentence as a passphrase. DiceWare +(\W{www.diceware.com}\cw{www.diceware.com}) recommends using at +least five words each generated randomly by rolling five dice, which +gives over 2^64 possible passwords and is probably not a bad scheme. +If you want your passphrase to make grammatical sense, this cuts +down the possibilities a lot and you should use a longer one as a +result.) Finally save the key by pressing the \e{Save} button. Do not close the window but proceed with step \k{pubkey-gettingready}, otherwise you @@ -72,18 +153,36 @@ private key this way. Just modify the values and \e{Save} the key. Connect to your SSH server using PuTTY with the SSH protocol. When the connection succeeds you will be prompted for your user name and -password to login. Once logged in change into the \c{.ssh} directory -and open the file \c{authorized_keys} with your favorite editor (you -may have to create this file if this is the first key to add). - -Switch to the PuTTYgen window and select all of the content below -\e{Public key for pasting into authorized_keys file}, copy it to the -clipboard (\c{Ctrl+C}). Then, switch back to the PuTTY window and -insert the data into the open file. Save the file. - -From now on you can use the private key for authentication to this -host. Either select the private key in PuTTY's \e{Connection}, -\e{SSH} panel: \e{Private key file for authentication} dialog or use -it with Pageant as described in \k{pageant}. - - +password to login. Once logged in, you must configure the server to +accept your public key for authentication: + +\b If your server is using the SSH 1 protocol, you should change +into the \c{.ssh} directory and open the file \c{authorized_keys} +with your favorite editor. (You may have to create this file if this +is the first key you have put in it). Then switch to the PuTTYgen +window, select all of the text in the \e{Public key for pasting into +authorized_keys file} box, and copy it to the clipboard +(\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the +data into the open file, making sure it ends up all on one line. +Save the file. + +\b If your server is OpenSSH and is using the SSH 2 protocol, you +should follow the same instructions except that the file will be +called \c{authorized_keys2}. + +\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save +a \e{public} key file from PuTTYgen, and copy that into the +\c{.ssh2} directory on the server. Then you should go into that +\c{.ssh2} directory, and edit (or create) a file called +\c{authorization}. In this file you should put a line like \c{Key +mykey.pub}, with \c{mykey.pub} replaced by the name of your key +file. + +\b For other SSH server software, you should refer to the manual for +that server. + +From now on you should be able to use the private key for +authentication to this host. Either select the private key in +PuTTY's \e{Connection}, \e{SSH} panel: \e{Private key file for +authentication} dialog or use it with Pageant as described in +\k{pageant}.