2001-11-25 17:32:39 +00:00
|
|
|
|
\versionid $Id: pubkey.but,v 1.10 2001/11/25 17:32:39 simon Exp $
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
|
|
|
|
\# FIXME: passphrases, examples (e.g what does a key for pasting into
|
|
|
|
|
\# authorized_keys look like?), index entries, links.
|
|
|
|
|
|
2001-01-17 10:11:16 +00:00
|
|
|
|
\C{pubkey} Using public keys for SSH authentication
|
|
|
|
|
|
2001-02-06 09:34:42 +00:00
|
|
|
|
\H{pubkey-intro} Public key authentication - an introduction
|
|
|
|
|
|
2001-06-15 19:31:10 +00:00
|
|
|
|
Public key authentication is an alternative means of identifying
|
|
|
|
|
yourself to a login server, instead of typing a password. It is more
|
|
|
|
|
secure and more flexible, but more difficult to set up.
|
|
|
|
|
|
|
|
|
|
In conventional password authentication, you prove you are who you
|
|
|
|
|
claim to be by proving that you know the correct password. The only
|
|
|
|
|
way to prove you know the password is to tell the server what you
|
|
|
|
|
think the password is. This means that if the server has been
|
|
|
|
|
hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn
|
|
|
|
|
your password.
|
|
|
|
|
|
|
|
|
|
Public key authentication solves this problem. You generate a \e{key
|
|
|
|
|
pair}, consisting of a public key (which everybody is allowed to
|
|
|
|
|
know) and a private key (which you keep secret and do not give to
|
|
|
|
|
anybody). The private key is able to generate \e{signatures}.
|
|
|
|
|
A<EFBFBD>signature created using your private key cannot be forged by
|
|
|
|
|
anybody who does not have that key; but anybody who has your public
|
|
|
|
|
key can verify that a particular signature is genuine.
|
|
|
|
|
|
|
|
|
|
So you generate a key pair on your own computer, and you copy the
|
|
|
|
|
public key to the server. Then, when the server asks you to prove
|
|
|
|
|
who you are, PuTTY<54>can generate a signature using your private key.
|
|
|
|
|
The server can verify that signature (since it has your public key)
|
|
|
|
|
and allow you to log in. Now if the server is hacked or spoofed, the
|
|
|
|
|
attacker does not gain your private key or password; they only gain
|
|
|
|
|
one signature. And signatures cannot be re-used, so they have gained
|
|
|
|
|
nothing.
|
|
|
|
|
|
|
|
|
|
There is a problem with this: if your private key is stored
|
|
|
|
|
unprotected on your own computer, then anybody who gains access to
|
|
|
|
|
\e{that} will be able to generate signatures as if they were you. So
|
|
|
|
|
they will be able to log in to your server under your account. For
|
|
|
|
|
this reason, your private key is usually \e{encrypted} when it is
|
|
|
|
|
stored on your local machine, using a passphrase of your choice. In
|
|
|
|
|
order to generate a signature, PuTTY must decrypt the key, so you
|
|
|
|
|
have to type your passphrase.
|
|
|
|
|
|
|
|
|
|
This can make public-key authentication less convenient than
|
|
|
|
|
password authentication: every time you log in to the server,
|
|
|
|
|
instead of typing a short password, you have to type a longer
|
|
|
|
|
passphrase. One solution to this is to use an \e{authentication
|
|
|
|
|
agent}, a separate program which holds decrypted private keys and
|
|
|
|
|
generates signatures on request. PuTTY's authentication agent is
|
|
|
|
|
called Pageant. When you begin a Windows session, you start Pageant
|
|
|
|
|
and load your public key into it (typing your passphrase once). For
|
|
|
|
|
the rest of your session, you can start PuTTY<54>any number of times
|
|
|
|
|
and Pageant will automatically generate signatures without you
|
|
|
|
|
having to do anything. When you close your Windows session, Pageant
|
|
|
|
|
shuts down, without ever having stored your decrypted private key on
|
|
|
|
|
disk. Many people feel this is a good compromise between security
|
|
|
|
|
and convenience. See \k{pageant} for further details.
|
2001-01-17 10:11:16 +00:00
|
|
|
|
|
2001-09-22 20:52:21 +00:00
|
|
|
|
\S{pubkey-types} Different types of public key
|
|
|
|
|
|
|
|
|
|
The PuTTY key generator, described in \k{pubkey-puttygen}, offers
|
|
|
|
|
you the opportunity to generate several types of key pair:
|
|
|
|
|
|
|
|
|
|
\b An RSA key for use with the SSH 1 protocol.
|
2001-09-25 19:59:14 +00:00
|
|
|
|
|
2001-09-22 20:52:21 +00:00
|
|
|
|
\b An RSA key for use with the SSH 2 protocol.
|
2001-09-25 19:59:14 +00:00
|
|
|
|
|
2001-09-22 20:52:21 +00:00
|
|
|
|
\b A DSA key for use with the SSH 2 protocol.
|
|
|
|
|
|
|
|
|
|
The SSH 1 protocol only supports RSA keys; if you will be connecting
|
|
|
|
|
using the SSH 1 protocol, you must select the first key type or your
|
|
|
|
|
key will be completely useless.
|
|
|
|
|
|
|
|
|
|
SSH 2 supports more than one key type. The two types supported by
|
|
|
|
|
PuTTY are RSA and DSA.
|
|
|
|
|
|
|
|
|
|
The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
|
|
|
|
|
intrinsic weakness which makes it very easy to create a signature
|
|
|
|
|
which contains enough information to give away the \e{private} key!
|
|
|
|
|
This would allow an attacker to pretend to be you for any number of
|
|
|
|
|
future sessions. PuTTY's implementation has taken very careful
|
|
|
|
|
precautions to avoid this weakness, but we cannot be 100% certain we
|
|
|
|
|
have managed it, and if you have the choice we strongly recommend
|
|
|
|
|
using RSA keys instead.
|
|
|
|
|
|
|
|
|
|
If you really need to connect to an SSH server which only supports
|
|
|
|
|
DSA, then you probably have no choice but to use DSA. If you do use
|
|
|
|
|
DSA, we recommend you do not use the same key to authenticate with
|
|
|
|
|
more than one server.
|
|
|
|
|
|
|
|
|
|
\H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
|
|
|
|
PuTTYgen is a key generator. It generates pairs of public and private
|
|
|
|
|
keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
|
|
|
|
|
authentication agent, Pageant (see \k{pageant}). PuTTYgen generates
|
|
|
|
|
RSA keys.
|
|
|
|
|
|
|
|
|
|
When you run PuTTYgen you will see a window where you have two
|
2001-11-25 17:32:39 +00:00
|
|
|
|
choices: \q{Generate}, to generate a new public/private key pair, or
|
|
|
|
|
\q{Load} to load in an existing private key.
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
|
|
|
|
\S{pubkey-puttygen-generate} Generate a new key
|
|
|
|
|
|
2001-06-15 19:31:10 +00:00
|
|
|
|
Before generating a new key you have to choose the strength of the
|
2001-09-22 20:52:21 +00:00
|
|
|
|
encryption, and the type of the key (see \k{pubkey-types}). With
|
2001-11-25 17:32:39 +00:00
|
|
|
|
\q{Parameters} you define the strength of the key. The default of
|
2001-09-22 20:52:21 +00:00
|
|
|
|
1024 should be OK for most users.
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
2001-11-25 17:32:39 +00:00
|
|
|
|
Pressing the \q{Generate} button starts the process of generating a
|
2001-02-06 09:34:42 +00:00
|
|
|
|
new key pair. You then have to move the mouse over the blank area in
|
|
|
|
|
order to generate random data for the algorithm. Continue until the
|
|
|
|
|
progress bar is complete.
|
|
|
|
|
|
2001-06-15 19:31:10 +00:00
|
|
|
|
As soon as enough random data is available the key is generated. This
|
|
|
|
|
may take a little while, especially on slow machines. Once the key is
|
2001-11-25 17:32:39 +00:00
|
|
|
|
generated, its details appear in the \q{Key} part of the PuTTYgen
|
2001-02-06 09:34:42 +00:00
|
|
|
|
window.
|
|
|
|
|
|
2001-11-25 17:32:39 +00:00
|
|
|
|
Now you can change the \q{Key comment} field to something more
|
|
|
|
|
meaningful than the default (which is based on the current date).
|
|
|
|
|
e.g. add the name of the host you will use it for. When using
|
|
|
|
|
multiple keys a meaningful comment may help you remember which
|
|
|
|
|
passphrase to use! You should always enter a passphrase in the
|
|
|
|
|
\q{Key passphrase} and \q{Confirm passphrase} fields, to protect
|
|
|
|
|
your keys.
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
2001-11-25 16:57:45 +00:00
|
|
|
|
(Choosing a good passphrase is difficult. Just as you shouldn't use
|
|
|
|
|
a dictionary word as a password because it's easy for an attacker to
|
|
|
|
|
run through a whole dictionary, you should not use a song lyric,
|
|
|
|
|
quotation or other well-known sentence as a passphrase. DiceWare
|
2001-11-25 17:12:23 +00:00
|
|
|
|
(\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using
|
|
|
|
|
at least five words each generated randomly by rolling five dice,
|
2001-11-25 17:14:00 +00:00
|
|
|
|
which gives over 2^64 possible passphrases and is probably not a bad
|
2001-11-25 17:12:23 +00:00
|
|
|
|
scheme. If you want your passphrase to make grammatical sense, this
|
|
|
|
|
cuts down the possibilities a lot and you should use a longer one as
|
|
|
|
|
a result.)
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
2001-11-25 17:32:39 +00:00
|
|
|
|
Finally save the key by pressing the \q{Save} button. Do not close the
|
2001-02-06 09:34:42 +00:00
|
|
|
|
window but proceed with step \k{pubkey-gettingready}, otherwise you
|
2001-11-25 17:32:39 +00:00
|
|
|
|
will have to load the private key again (as described below).
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
|
|
|
|
\S{pubkey-puttygen-load} Load and modify a key
|
|
|
|
|
|
|
|
|
|
PuTTYgen does not store the public key in a file by default. If you
|
2001-11-25 17:32:39 +00:00
|
|
|
|
have to distribute the public key you can press the \q{Load} button,
|
2001-02-06 09:34:42 +00:00
|
|
|
|
select the private key file, and PuTTYgen will give you the public key
|
|
|
|
|
again. You can also change the comment and passphrase for your
|
2001-11-25 17:32:39 +00:00
|
|
|
|
private key this way. Just modify the values and save the key.
|
2001-02-06 09:34:42 +00:00
|
|
|
|
|
|
|
|
|
\S{pubkey-gettingready} Getting ready for public key authentication
|
|
|
|
|
|
|
|
|
|
Connect to your SSH server using PuTTY with the SSH protocol. When the
|
|
|
|
|
connection succeeds you will be prompted for your user name and
|
2001-09-22 20:52:21 +00:00
|
|
|
|
password to login. Once logged in, you must configure the server to
|
|
|
|
|
accept your public key for authentication:
|
|
|
|
|
|
|
|
|
|
\b If your server is using the SSH 1 protocol, you should change
|
|
|
|
|
into the \c{.ssh} directory and open the file \c{authorized_keys}
|
|
|
|
|
with your favorite editor. (You may have to create this file if this
|
|
|
|
|
is the first key you have put in it). Then switch to the PuTTYgen
|
2001-11-25 17:32:39 +00:00
|
|
|
|
window, select all of the text in the \q{Public key for pasting into
|
2001-09-22 20:52:21 +00:00
|
|
|
|
authorized_keys file} box, and copy it to the clipboard
|
|
|
|
|
(\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the
|
|
|
|
|
data into the open file, making sure it ends up all on one line.
|
|
|
|
|
Save the file.
|
|
|
|
|
|
|
|
|
|
\b If your server is OpenSSH and is using the SSH 2 protocol, you
|
|
|
|
|
should follow the same instructions except that the file will be
|
|
|
|
|
called \c{authorized_keys2}.
|
|
|
|
|
|
|
|
|
|
\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
|
|
|
|
|
a \e{public} key file from PuTTYgen, and copy that into the
|
|
|
|
|
\c{.ssh2} directory on the server. Then you should go into that
|
|
|
|
|
\c{.ssh2} directory, and edit (or create) a file called
|
|
|
|
|
\c{authorization}. In this file you should put a line like \c{Key
|
|
|
|
|
mykey.pub}, with \c{mykey.pub} replaced by the name of your key
|
|
|
|
|
file.
|
|
|
|
|
|
|
|
|
|
\b For other SSH server software, you should refer to the manual for
|
|
|
|
|
that server.
|
|
|
|
|
|
|
|
|
|
From now on you should be able to use the private key for
|
|
|
|
|
authentication to this host. Either select the private key in
|
2001-11-25 17:32:39 +00:00
|
|
|
|
PuTTY's \q{Connection}, \q{SSH} panel: \q{Private key file for
|
2001-09-22 20:52:21 +00:00
|
|
|
|
authentication} dialog or use it with Pageant as described in
|
|
|
|
|
\k{pageant}.
|