How to use SSH 2 public-key authentication

pssh supports public-key authentication using RSA or DSA keys.
The private key data stored on the handheld may be encrypted
using a passphrase, or it may be passphrase-less. (See the

pssh cannot generate key pairs itself. pssh cannot currently
change the passphrase of an existing key pair.

Passphrase-less key pairs are more convenient (you don't have to
type any password when logging in), but they are MORE INSECURE than
passphrase-protected key pairs. Specifically, any person or program
with access to your handheld or its Backup data can easily steal your
private key and use it to connect as you. With passphrase-protected
keys, a stolen key pair is not useful unless the attacker can also
steal or guess your passphrase.

## Authentication procedure ##

When you connect to a server, pssh attempts to authenticate using
any available public keys before prompting for an ordinary password.
The procedure is as follows:
1. pssh determines whether the server supports public-key authentication.
   If the server does not, public-key authentication is skipped.
2. pssh attempts to authenticate using every passphrase-less key
3. pssh asks the server whether any of the available passphrase-
   protected keys would be accepted for authentication.
4. pssh asks you for the passphrase for a passphrase-protected
   key. If multiple passphrase-protected keys are acceptable on
   the server, pssh allows you to choose which one to use.
5. If all public-key authentication attempts fail, pssh prompts you
   for an ordinary (non-public-key) password.

It's possible that step #2 will cause trouble if you have many
passphrase-less keys and are attempting to connect to a paranoid
server that rejects the connection after a small number of failed
public-key authentication attempts. There is currently no workaround
for this; contact the author of pssh if you encounter this problem.

pssh does not generate key pairs itself. Instead, key pairs must be
imported from outside. Currently pssh can import OpenSSH-formatted
private key files via Memo Pad memos. A memo containing a key must
start with a one-line name, followed by the OpenSSH private key data.

With OpenSSH on Unix, these key files can be generated by `ssh-keygen`.
PuTTY on Windows can generate keys and export them in OpenSSH format.

Example Memo Pad memo (a passphrase-less RSA key):

This first line will be pssh's name for the key.
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCuWCQLxeyBlv1hu/rOWRYe8tBJ3HUQ8NEXbEgCm/4bmZaJ1WbS
0HTR3KXilKHp4rsBfWVkSNnn3oezo6ik6gCiR/5sijGSJnQti9yMu/lFZ3gVRO8A
ngus2CnQLmbGfZj/XnkP6f051hhyP0pO7kwZkaWWpuNTdHupFDVb50zNaQIBIwKB
gHeM5YRqdko7pm7nTOVEZvCmgDKlzJ3m9cbrKhBq92NiANOLBK3QxSIw5sdBWRVo
Rbfg9RGRCnMcP8ujbFPTqKioF46iMjw9AKbujDF8UrqAztIBOJKEunNHyE8QQovZ
linugtlkybgFLBIdEdFNG7ngtSfgui/SEFusdfkyngkSYgfygNUfsuKFNuynkfus
5j87FydxkPHqOe5UYXa4nhvUXvXnahw2E1uvQ4LRkLxek+0oOdTq4or5D5LNaVIM
zIiPXwJBAMFQZOPb+zL4Jsd4fqsWulR4XBzf62KNcFiu+ZiUkNdC1WjJH3MUWpov
OnfU26P9IIgOAoueyRf5E1hRZkvKADcCQQCyG0rslk/EAMXD0jXsIiZFD8yjA8NR
QtNhIRITkc+2+DYtSPaD9kVf9zPzT3wo+MdCjk7MBM7C3vY7TeydyG6ZAkAQkdzD
EtsEXmm5U3iSUme+GPHz2K3Gnmi3JPDSkGQvtUV+ApxLsUmYL+8RlebwzI3ChNul
kURvxORmp+QyYcWBAkEArW8tp3XMT9vHDncfiW8sxOp/IYhoyUef7QrSaR4DsitE
okRGOSIIpGRAPVOpZvVpAGuFdeYLiYC9I90TZSFx0Q==
-----END RSA PRIVATE KEY-----

Example (a passphrase-protected DSA key):

me@ssh-server.example.com's key
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D0FCEE0E84F8608C

hYNAqkX7115lYiEpcBEE6i/gGKllDxapL/iNpx93Aj+fofksrlTRbbKEdLBOVyuf
2OMdzuQ56Wk96YE1gWHEdbK9QxyXL0rBQL5jMFJ1svKzRAgIo7VYPrSem+YjkC9u
GQex2zIwvbBh1CyQqtezQlxD2nmdPMEicvTbo0t14SoedXPUNI6wMsv/64mGbDfd
r0FYBXOyNn1yglNbkAOUMusrUfdzEa7oR1VG9pugXYzdDRx+bspJ9xm+4AZD2cwu
WsJN21U5ezJMQk763ImuFkyzw5TXKY1ZFUI22CWUrJpB4j87NScWUecFgfUGFYPn
nXonMAPNi65Kdr4ynx5GsNgxhoOWuWL+Qz0B2PPYS7dmJUdBmc6F71qquASsnpgu
sSLeLTm/GUt8gFVFc5WdURWQsIpt42dZx8/FXgVblZ2FSSuoOVEqgn9/ENh2Hz1S
Ft6fVnpSPyx11gqZlKYvGkHAyrf6Fr2+cnDBoK0AZ3wf8b5DYekEKmCKQFlAKBYs
YSeup9p1Qk3c9qxyOyWMM86/jqWbds3KZg7AfCJgUT/aAAaATHZKZWU2m/RINS/y
UoPPL7evby2FTjkW82Atrg==
-----END DSA PRIVATE KEY-----
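
The memo layout described above (a one-line name followed by OpenSSH private key data) can be checked on the desktop before a memo is copied to the handheld. The Python checker below is an added example, not part of pssh or its documentation; the function name inspect_key_memo and both sample memos are constructed for illustration, and their key bodies are placeholders rather than real key material.

```python
import re

# PEM armor lines for the two key types the page says pssh supports.
_BEGIN = re.compile(r"^-----BEGIN (RSA|DSA) PRIVATE KEY-----$")

def inspect_key_memo(memo: str) -> dict:
    """Validate a memo laid out as: one-line name, then a PEM private key."""
    lines = [ln.rstrip() for ln in memo.strip().splitlines()]
    if len(lines) < 3:
        raise ValueError("need a name line followed by a PEM block")
    name, begin = lines[0], _BEGIN.match(lines[1])
    if name.startswith("-----"):
        raise ValueError("first line must be the key's name, not key data")
    if begin is None:
        raise ValueError("second line must be BEGIN RSA/DSA PRIVATE KEY")
    key_type = begin.group(1)
    if lines[-1] != f"-----END {key_type} PRIVATE KEY-----":
        raise ValueError("missing or mismatched END line")
    # Legacy PEM encryption is declared in headers ahead of the base64 body.
    headers, body = {}, lines[2:-1]
    while body and ":" in body[0]:
        key, _, value = body.pop(0).partition(":")
        headers[key.strip()] = value.strip()
    encrypted = headers.get("Proc-Type") == "4,ENCRYPTED"
    cipher = headers.get("DEK-Info", "").split(",")[0] or None
    if encrypted and cipher is None:
        raise ValueError("encrypted key has no DEK-Info header")
    if not any(body):
        raise ValueError("no key data between BEGIN and END")
    return {"name": name, "type": key_type, "encrypted": encrypted,
            "cipher": cipher if encrypted else None}

# Constructed sample memos; the body is a placeholder, not real key material.
PLAIN_MEMO = """my handheld key
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
ENCRYPTED_MEMO = """me@ssh-server.example.com's key
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END DSA PRIVATE KEY-----
"""
if __name__ == "__main__":
    for memo in (PLAIN_MEMO, ENCRYPTED_MEMO):
        print(inspect_key_memo(memo))
```

A result with "encrypted" set to False identifies a passphrase-less key, the kind that anyone with access to the handheld or its Backup data can use directly.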