-\versionid $Id: pubkey.but,v 1.2 2001/02/06 09:34:42 owen Exp $
+\versionid $Id: pubkey.but,v 1.10 2001/11/25 17:32:39 simon Exp $
\# FIXME: passphrases, examples (e.g what does a key for pasting into
\# authorized_keys look like?), index entries, links.
\H{pubkey-intro} Public key authentication - an introduction
-\# Explain the basic principles of public key authentication. Many
-\# people don't have the faintest idea what it is or why it's good.
-
-\# Explain the dangers of leaving an unprotected private key around.
-\# Explain passphrases, and urge that people NEVER store
-\# unpassphrased keys unless they really need to or they can be sure
-\# the machine is secure.
-
-\H{pubkey-puttygen} PuTTYgen: RSA key generator for PuTTY
+Public key authentication is an alternative means of identifying
+yourself to a login server, instead of typing a password. It is more
+secure and more flexible, but more difficult to set up.
+
+In conventional password authentication, you prove you are who you
+claim to be by proving that you know the correct password. The only
+way to prove you know the password is to tell the server what you
+think the password is. This means that if the server has been
+hacked, or \e{spoofed} (see \k{gs-hostkey}), an attacker can learn
+your password.
+
+Public key authentication solves this problem. You generate a \e{key
+pair}, consisting of a public key (which everybody is allowed to
+know) and a private key (which you keep secret and do not give to
+anybody). The private key is able to generate \e{signatures}.
+A signature created using your private key cannot be forged by
+anybody who does not have that key; but anybody who has your public
+key can verify that a particular signature is genuine.
+
+So you generate a key pair on your own computer, and you copy the
+public key to the server. Then, when the server asks you to prove
+who you are, PuTTY can generate a signature using your private key.
+The server can verify that signature (since it has your public key)
+and allow you to log in. Now if the server is hacked or spoofed, the
+attacker does not gain your private key or password; they only gain
+one signature. And signatures cannot be re-used, so they have gained
+nothing.
+
+There is a problem with this: if your private key is stored
+unprotected on your own computer, then anybody who gains access to
+\e{that} will be able to generate signatures as if they were you. So
+they will be able to log in to your server under your account. For
+this reason, your private key is usually \e{encrypted} when it is
+stored on your local machine, using a passphrase of your choice. In
+order to generate a signature, PuTTY must decrypt the key, so you
+have to type your passphrase.
+
+This can make public-key authentication less convenient than
+password authentication: every time you log in to the server,
+instead of typing a short password, you have to type a longer
+passphrase. One solution to this is to use an \e{authentication
+agent}, a separate program which holds decrypted private keys and
+generates signatures on request. PuTTY's authentication agent is
+called Pageant. When you begin a Windows session, you start Pageant
+and load your public key into it (typing your passphrase once). For
+the rest of your session, you can start PuTTY any number of times
+and Pageant will automatically generate signatures without you
+having to do anything. When you close your Windows session, Pageant
+shuts down, without ever having stored your decrypted private key on
+disk. Many people feel this is a good compromise between security
+and convenience. See \k{pageant} for further details.
+
+\S{pubkey-types} Different types of public key
+
+The PuTTY key generator, described in \k{pubkey-puttygen}, offers
+you the opportunity to generate several types of key pair:
+
+\b An RSA key for use with the SSH 1 protocol.
+
+\b An RSA key for use with the SSH 2 protocol.
+
+\b A DSA key for use with the SSH 2 protocol.
+
+The SSH 1 protocol only supports RSA keys; if you will be connecting
+using the SSH 1 protocol, you must select the first key type or your
+key will be completely useless.
+
+SSH 2 supports more than one key type. The two types supported by
+PuTTY are RSA and DSA.
+
+The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
+intrinsic weakness which makes it very easy to create a signature
+which contains enough information to give away the \e{private} key!
+This would allow an attacker to pretend to be you for any number of
+future sessions. PuTTY's implementation has taken very careful
+precautions to avoid this weakness, but we cannot be 100% certain we
+have managed it, and if you have the choice we strongly recommend
+using RSA keys instead.
+
+If you really need to connect to an SSH server which only supports
+DSA, then you probably have no choice but to use DSA. If you do use
+DSA, we recommend you do not use the same key to authenticate with
+more than one server.
+
+\H{pubkey-puttygen} PuTTYgen: Key generator for PuTTY
PuTTYgen is a key generator. It generates pairs of public and private
keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY
RSA keys.
When you run PuTTYgen you will see a window where you have two
-choices: \e{Generate} new public/private key pair or \e{Load} an
-existing private key.
+choices: \q{Generate}, to generate a new public/private key pair, or
+\q{Load} to load in an existing private key.
\S{pubkey-puttygen-generate} Generate a new key
-Before generating a new key you have to chose the strength of the
-encryption. With \e{Parameters} you define the strength of the key. The
-default of 1024 should be OK for most users.
+Before generating a new key you have to choose the strength of the
+encryption, and the type of the key (see \k{pubkey-types}). With
+\q{Parameters} you define the strength of the key. The default of
+1024 should be OK for most users.
-Pressing the \e{Generate} button starts the process of generating a
+Pressing the \q{Generate} button starts the process of generating a
new key pair. You then have to move the mouse over the blank area in
order to generate random data for the algorithm. Continue until the
progress bar is complete.
-As soon as enough random data is available the key is generated. This
-may take a little while, especially on slow machines. Once the key is
-generated, its details appear in the \e{Key} part of the PuTTYgen
+As soon as enough random data is available the key is generated. This
+may take a little while, especially on slow machines. Once the key is
+generated, its details appear in the \q{Key} part of the PuTTYgen
window.
-Now you can change the \e{Key comment} to something more meaningful
-than the default (which is based on the current date). e.g. add the
-name of the host you will use it for. When using multiple keys a
-meaningful comment may help you remember which passphrase to use! You
-should always enter a \e{Key passphrase} and \e{Confirm passphrase} to
-protect your keys.
-
-\# Mention a good length for a passphrase. (I think Schneier
-\# said something about this on counterpane.com once.)
-
-\# In case people don't like the idea of exchanging a short password
-\# typed every time for a longer passphrase typed every time, link
-\# to the Pageant chapter.
-
-Finally save the key by pressing the \e{Save} button. Do not close the
+Now you can change the \q{Key comment} field to something more
+meaningful than the default (which is based on the current date).
+e.g. add the name of the host you will use it for. When using
+multiple keys a meaningful comment may help you remember which
+passphrase to use! You should always enter a passphrase in the
+\q{Key passphrase} and \q{Confirm passphrase} fields, to protect
+your keys.
+
+(Choosing a good passphrase is difficult. Just as you shouldn't use
+a dictionary word as a password because it's easy for an attacker to
+run through a whole dictionary, you should not use a song lyric,
+quotation or other well-known sentence as a passphrase. DiceWare
+(\W{http://www.diceware.com/}\cw{www.diceware.com}) recommends using
+at least five words each generated randomly by rolling five dice,
+which gives over 2^64 possible passphrases and is probably not a bad
+scheme. If you want your passphrase to make grammatical sense, this
+cuts down the possibilities a lot and you should use a longer one as
+a result.)
+
+Finally save the key by pressing the \q{Save} button. Do not close the
window but proceed with step \k{pubkey-gettingready}, otherwise you
-will have to \e{Load} the private key again as described below.
+will have to load the private key again (as described below).
\S{pubkey-puttygen-load} Load and modify a key
PuTTYgen does not store the public key in a file by default. If you
-have to distribute the public key you can press the \e{Load} button,
+have to distribute the public key you can press the \q{Load} button,
select the private key file, and PuTTYgen will give you the public key
again. You can also change the comment and passphrase for your
-private key this way. Just modify the values and \e{Save} the key.
+private key this way. Just modify the values and save the key.
\S{pubkey-gettingready} Getting ready for public key authentication
Connect to your SSH server using PuTTY with the SSH protocol. When the
connection succeeds you will be prompted for your user name and
-password to login. Once logged in change into the \c{.ssh} directory
-and open the file \c{authorized_keys} with your favorite editor (you
-may have to create this file if this is the first key to add).
-
-Switch to the PuTTYgen window and select all of the content below
-\e{Public key for pasting into authorized_keys file}, copy it to the
-clipboard (\c{Ctrl+C}). Then, switch back to the PuTTY window and
-insert the data into the open file. Save the file.
-
-From now on you can use the private key for authentication to this
-host. Either select the private key in PuTTY's \e{Connection},
-\e{SSH} panel: \e{Private key file for authentication} dialog or use
-it with Pageant as described in \k{pageant}.
-
-
+password to login. Once logged in, you must configure the server to
+accept your public key for authentication:
+
+\b If your server is using the SSH 1 protocol, you should change
+into the \c{.ssh} directory and open the file \c{authorized_keys}
+with your favorite editor. (You may have to create this file if this
+is the first key you have put in it). Then switch to the PuTTYgen
+window, select all of the text in the \q{Public key for pasting into
+authorized_keys file} box, and copy it to the clipboard
+(\c{Ctrl+C}). Then, switch back to the PuTTY window and insert the
+data into the open file, making sure it ends up all on one line.
+Save the file.
+
+\b If your server is OpenSSH and is using the SSH 2 protocol, you
+should follow the same instructions except that the file will be
+called \c{authorized_keys2}.
+
+\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
+a \e{public} key file from PuTTYgen, and copy that into the
+\c{.ssh2} directory on the server. Then you should go into that
+\c{.ssh2} directory, and edit (or create) a file called
+\c{authorization}. In this file you should put a line like \c{Key
+mykey.pub}, with \c{mykey.pub} replaced by the name of your key
+file.
+
+\b For other SSH server software, you should refer to the manual for
+that server.
+
+From now on you should be able to use the private key for
+authentication to this host. Either select the private key in
+PuTTY's \q{Connection}, \q{SSH} panel: \q{Private key file for
+authentication} dialog or use it with Pageant as described in
+\k{pageant}.