pageant.but 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445
  1. \C{pageant} Using \i{Pageant} for authentication
  2. Pageant is an SSH \i{authentication agent}. It holds your \i{private key}s
  3. in memory, already decoded, so that you can use them often
  4. \I{passwordless login}without needing to type a \i{passphrase}.
  5. \H{pageant-start} Getting started with Pageant
  6. Before you run Pageant, you need to have a private key in \c{*.\i{PPK}}
  7. format. See \k{pubkey} to find out how to generate and use one.
  8. When you run Pageant, it will put an icon of a computer wearing a
  9. hat into the \ii{System tray}. It will then sit and do nothing, until you
  10. load a private key into it. (You may need to use Windows'
  11. \q{Show hidden icons} arrow to see the Pageant icon.)
  12. If you click the Pageant icon with the right mouse button, you will
  13. see a menu. Select \q{View Keys} from this menu. The Pageant main
  14. window will appear. (You can also bring this window up by
  15. double-clicking on the Pageant icon.)
  16. The Pageant window contains a list box. This shows the private keys
  17. Pageant is holding. When you start Pageant, it has no keys, so the
  18. list box will be empty. After you add one or more keys, they will
  19. show up in the list box.
  20. To add a key to Pageant, press the \q{Add Key} button. Pageant will
  21. bring up a file dialog, labelled \q{Select Private Key File}. Find
  22. your private key file in this dialog, and press \q{Open}.
  23. Pageant will now load the private key. If the key is protected by a
  24. passphrase, Pageant will ask you to type the passphrase. When the
  25. key has been loaded, it will appear in the list in the Pageant
  26. window.
  27. Now start PuTTY and open an SSH session to a site that accepts your
  28. key. PuTTY will notice that Pageant is running, retrieve the key
  29. automatically from Pageant, and use it to authenticate. You can now
  30. open as many PuTTY sessions as you like without having to type your
  31. passphrase again.
  32. (PuTTY can be configured not to try to use Pageant, but it will try
  33. by default. See \k{config-ssh-tryagent} and
  34. \k{using-cmdline-agentauth} for more information.)
  35. When you want to shut down Pageant, click the right button on the
  36. Pageant icon in the System tray, and select \q{Exit} from the menu.
  37. Closing the Pageant main window does \e{not} shut down Pageant.
  38. If you want Pageant to stay running but forget all the keys it has
  39. acquired, select \q{Remove All Keys} from the System tray menu.
  40. \H{pageant-mainwin} The Pageant main window
  41. The Pageant main window appears when you left-click on the Pageant
  42. system tray icon, or alternatively right-click and select \q{View
  43. Keys} from the menu. You can use it to keep track of what keys are
  44. currently loaded into Pageant, and to add new ones or remove the
  45. existing keys.
  46. \S{pageant-mainwin-keylist} The key list box
  47. The large list box in the Pageant main window lists the private keys
  48. that are currently loaded into Pageant. The list might look
  49. something like this:
  50. \c Ed25519 SHA256:TddlQk20DVs4LRcAsIfDN9pInKpY06D+h4kSHwWAj4w
  51. \c RSA 2048 SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg
  52. For each key, the list box will tell you:
  53. \b The type of the key. Currently, this can be
  54. \q{RSA} (an RSA key for use with the SSH-2 protocol),
  55. \q{DSA} (a DSA key for use with the SSH-2 protocol),
  56. \q{\i{NIST}} (an ECDSA key for use with the SSH-2 protocol),
  57. \q{Ed25519} (an Ed25519 key for use with the SSH-2 protocol),
  58. \q{Ed448} (an Ed448 key for use with the SSH-2 protocol),
  59. or \q{SSH-1} (an RSA key for use with the old SSH-1 protocol).
  60. (If the key has an associated certificate, this is shown here with a
  61. \q{cert} suffix.)
  62. \b The size (in bits) of the key, for key types that come in different
  63. sizes. (For ECDSA \q{NIST} keys, this is indicated as \q{p256} or
  64. \q{p384} or \q{p521}.)
  65. \b The \I{key fingerprint}fingerprint for the public key. This should be
  66. the same fingerprint given by PuTTYgen, and (hopefully) also the same
  67. fingerprint shown by remote utilities such as \i\c{ssh-keygen} when
  68. applied to your \c{authorized_keys} file.
  69. \lcont{
  70. For SSH-2 keys, by default this is shown in the \q{SHA256} format. You
  71. can change to the older \q{MD5} format (which looks like \c{aa:bb:cc:...})
  72. with the \q{Fingerprint type} drop-down, but bear in mind that this
  73. format is less secure and should be avoided for comparison purposes
  74. where possible.
  75. If some of the keys loaded into Pageant have certificates attached,
  76. then Pageant will default to showing the fingerprint of the underlying
  77. key. This way, a certified and uncertified version of the same key
  78. will have the same fingerprint, so you can see that they match. You
  79. can instead use the \q{Fingerprint type} drop-down to ask for a
  80. different fingerprint to be shown for certified keys, which includes
  81. the certificate as part of the fingerprinted data. That way you can
  82. tell two certificates apart.
  83. }
  84. \b The comment attached to the key.
  85. \b The state of deferred decryption, if enabled for this key.
  86. See \k{pageant-deferred-decryption}.
  87. \S{pageant-mainwin-addkey} The \q{Add Key} button
  88. To add a key to Pageant by reading it out of a local disk file,
  89. press the \q{Add Key} button in the Pageant main window, or
  90. alternatively right-click on the Pageant icon in the system tray and
  91. select \q{Add Key} from there.
  92. Pageant will bring up a file dialog, labelled \q{Select Private Key
  93. File}. Find your private key file in this dialog, and press
  94. \q{Open}. If you want to add more than one key at once, you can
  95. select multiple files using Shift-click (to select several adjacent
  96. files) or Ctrl-click (to select non-adjacent files).
  97. Pageant will now load the private key(s). If a key is protected by a
  98. passphrase, Pageant will ask you to type the passphrase.
  99. (This is not the only way to add a private key to Pageant. You can
  100. also add one from a remote system by using agent forwarding; see
  101. \k{pageant-forward} for details.)
  102. \S{pageant-mainwin-remkey} The \q{Remove Key} button
  103. If you need to remove a key from Pageant, select that key in the
  104. list box, and press the \q{Remove Key} button. Pageant will remove
  105. the key from its memory.
  106. You can apply this to keys you added using the \q{Add Key} button,
  107. or to keys you added remotely using agent forwarding (see
  108. \k{pageant-forward}); it makes no difference.
  109. \H{pageant-cmdline} The Pageant command line
  110. Pageant can be made to do things automatically when it starts up, by
  111. \I{command-line arguments}specifying instructions on its command line.
  112. If you're starting Pageant from the Windows GUI, you can arrange this
  113. by editing the properties of the \i{Windows shortcut} that it was
  114. started from.
  115. If Pageant is already running, invoking it again with the options
  116. below causes actions to be performed with the existing instance, not a
  117. new one.
  118. \S{pageant-cmdline-loadkey} Making Pageant automatically load keys
  119. on startup
  120. Pageant can automatically load one or more private keys when it
  121. starts up, if you provide them on the Pageant command line. Your
  122. command line might then look like:
  123. \c C:\PuTTY\pageant.exe d:\main.ppk d:\secondary.ppk
  124. If the keys are stored encrypted, Pageant will request the
  125. passphrases on startup.
  126. If Pageant is already running, this syntax loads keys into the
  127. existing Pageant.
  128. You can specify the \cq{--encrypted} option to defer decryption of
  129. these keys; see \k{pageant-deferred-decryption}.
  130. \S{pageant-cmdline-command} Making Pageant run another program
  131. You can arrange for Pageant to start another program once it has
  132. initialised itself and loaded any keys specified on its command
  133. line. This program (perhaps a PuTTY, or a WinCVS making use of
  134. Plink, or whatever) will then be able to use the keys Pageant has
  135. loaded.
  136. You do this by specifying the \I{-c-pageant}\c{-c} option followed
  137. by the command, like this:
  138. \c C:\PuTTY\pageant.exe d:\main.ppk -c C:\PuTTY\putty.exe
  139. \S{pageant-cmdline-openssh} Integrating with \i{Windows OpenSSH}
  140. Windows's own port of OpenSSH uses the same mechanism as Pageant to
  141. talk to its SSH agent (Windows named pipes). This means that Windows
  142. OpenSSH can talk directly to Pageant, if it knows where to find
  143. Pageant's named pipe.
  144. When Pageant starts up, it can optionally write out a file containing
  145. an OpenSSH configuration directive that tells the Windows \c{ssh.exe}
  146. where to find Pageant. If you include this file from your Windows SSH
  147. configuration, then \c{ssh.exe} should automatically use Pageant as
  148. its agent, so that you can keep your keys in one place and have both
  149. SSH clients able to use them.
  150. The option is \i\c{--openssh-config}, and you follow it with a filename.
  151. To refer to this file from your main OpenSSH configuration, you can
  152. use the \cq{Include} directive. For example, you might run Pageant
  153. like this (with your own username substituted, of course):
  154. \c pageant --openssh-config C:\Users\Simon\.ssh\pageant.conf
  155. and then add a directive like this to your main \cq{.ssh\\config} file
  156. (assuming that lives in the same directory that you just put
  157. \cw{pageant.conf}):
  158. \c Include pageant.conf
  159. \s{Note}: this technique only works with \e{Windows's} port of
  160. OpenSSH, which lives at \cw{C:\\Windows\\System32\\OpenSSH\\ssh.exe}
  161. if you have it installed. (If not, it can be installed as a Windows
  162. optional feature, e.g., via Settings > Apps & features > Optional
  163. features > Add a feature > OpenSSH Client.)
  164. There are other versions of OpenSSH for Windows, notably the one that
  165. comes with Windows \cw{git}. Those will likely not work with the same
  166. configuration, because they tend to depend on Unix emulation layers
  167. like MinGW or MSys, so they won't speak Windows native pathname syntax
  168. or understand named pipes. The above instructions will only work with
  169. Windows's own version of OpenSSH.
  170. So, if you want to use Windows \cw{git} with an SSH key held in
  171. Pageant, you'll have to set the environment variable \cw{GIT_SSH}, to
  172. point at a different program. You could point it at
  173. \cw{c:\\Windows\\System32\\OpenSSH\\ssh.exe} once you've done this
  174. setup \dash but it's just as easy to point it at Plink!
  175. \S{pageant-cmdline-unix} Unix-domain sockets: integrating with WSL 1
  176. Pageant can listen on the WinSock implementation of \q{Unix-domain
  177. sockets}. These interoperate with the Unix-domain sockets found in the
  178. original Windows Subsystem for Linux (now known as WSL 1). So if you
  179. ask Pageant to listen on one of these, then your WSL 1 processes can
  180. talk directly to Pageant.
  181. To configure this, run Pageant with the option \c{--unix}, followed
  182. with a pathname. Then, in WSL 1, set the environment variable
  183. \cw{SSH_AUTH_SOCK} to point at the WSL translation of that pathname.
  184. For example, you might run
  185. \c pageant --unix C:\Users\Simon\.ssh\agent.sock
  186. and in WSL 1, set the environment variable
  187. \c SSH_AUTH_SOCK=/mnt/c/Users/Simon/.ssh/agent.sock
  188. Alternatively, you can add a line to your \cw{.ssh/config} file inside
  189. WSL that says
  190. \c IdentityAgent /mnt/c/Users/Simon/.ssh/agent.sock
  191. although doing it like that may mean that \cw{ssh-add} commands won't
  192. find the agent, even though \cw{ssh} itself will.
  193. \s{Security note}: Unix-domain sockets are protected against access by
  194. other users by the file protections on their containing directory. So
  195. if your Windows machine is multiuser, make sure you create the socket
  196. inside a directory that other users can't access at all. (In fact,
  197. that's a good idea on general principles.)
  198. \s{Compatibility note}: WSL 2 processes cannot talk to Pageant by this
  199. mechanism, because WSL 2's Unix-domain sockets are managed by a
  200. separate Linux kernel, and not by the same kernel that WinSock talks
  201. to.
  202. \S{pageant-cmdline-keylist} Starting with the key list visible
  203. Start Pageant with the \i\c{--keylist} option to show the main window
  204. as soon as it starts up.
  205. \S{pageant-cmdline-restrict-acl} Restricting the \i{Windows process ACL}
  206. Pageant supports the same \i\c{-restrict-acl} option as the other
  207. PuTTY utilities to lock down the Pageant process's access control;
  208. see \k{using-cmdline-restrict-acl} for why you might want to do this.
  209. By default, if Pageant is started with \c{-restrict-acl}, it won't
  210. pass this to any PuTTY sessions started from its System Tray submenu.
  211. Use \c{-restrict-putty-acl} to change this. (Again, see
  212. \k{using-cmdline-restrict-acl} for details.)
  213. \H{pageant-forward} Using \i{agent forwarding}
  214. Agent forwarding is a mechanism that allows applications on your SSH
  215. server machine to talk to the agent on your client machine.
  216. Note that at present, whether agent forwarding in SSH-2 is available
  217. depends on your server. Pageant's protocol is compatible with the
  218. \i{OpenSSH} server, but the \i\cw{ssh.com} server uses a different
  219. agent protocol, which PuTTY does not yet support.
  220. To enable agent forwarding, first start Pageant. Then set up a PuTTY
  221. SSH session in which \q{Allow agent forwarding} is enabled (see
  222. \k{config-ssh-agentfwd}). Open the session as normal. (Alternatively,
  223. you can use the \c{-A} command line option; see
  224. \k{using-cmdline-agent} for details.)
  225. If this has worked, your applications on the server should now have
  226. access to a Unix domain socket which the SSH server will forward
  227. back to PuTTY, and PuTTY will forward on to the agent. To check that
  228. this has actually happened, you can try this command on Unix server
  229. machines:
  230. \c unixbox:~$ echo $SSH_AUTH_SOCK
  231. \c /tmp/ssh-XXNP18Jz/agent.28794
  232. \c unixbox:~$
  233. If the result line comes up blank, agent forwarding has not been
  234. enabled at all.
  235. Now if you run \c{ssh} on the server and use it to connect through
  236. to another server that accepts one of the keys in Pageant, you
  237. should be able to log in without a password:
  238. \c unixbox:~$ ssh -v otherunixbox
  239. \c [...]
  240. \c debug: next auth method to try is publickey
  241. \c debug: userauth_pubkey_agent: trying agent key my-putty-key
  242. \c debug: ssh-userauth2 successful: method publickey
  243. \c [...]
  244. If you enable agent forwarding on \e{that} SSH connection as well
  245. (see the manual for your server-side SSH client to find out how to
  246. do this), your authentication keys will still be available on the
  247. next machine you connect to - two SSH connections away from where
  248. they're actually stored.
  249. In addition, if you have a private key on one of the SSH servers,
  250. you can send it all the way back to Pageant using the local
  251. \i\c{ssh-add} command:
  252. \c unixbox:~$ ssh-add ~/.ssh/id_rsa
  253. \c Need passphrase for /home/fred/.ssh/id_rsa
  254. \c Enter passphrase for /home/fred/.ssh/id_rsa:
  255. \c Identity added: /home/fred/.ssh/id_rsa (/home/simon/.ssh/id_rsa)
  256. \c unixbox:~$
  257. and then it's available to every machine that has agent forwarding
  258. available (not just the ones downstream of the place you added it).
  259. \H{pageant-deferred-decryption} Loading keys without decrypting them
  260. You can add keys to Pageant \e{without} decrypting them. The key
  261. file will be held in Pageant's memory still encrypted, and when a
  262. client program first tries to use the key, Pageant will display a
  263. dialog box prompting for the passphrase so that the key can be
  264. decrypted.
  265. This works the same way whether the key is used by an instance of
  266. PuTTY running locally, or a remote client connecting to Pageant
  267. through agent forwarding.
  268. To add a key to Pageant in this encrypted form, press the \q{Add Key
  269. (encrypted)} button in the Pageant main window, or alternatively
  270. right-click on the Pageant icon in the system tray and select \q{Add
  271. Key (encrypted)} from there. Pageant will bring up a file dialog, in
  272. just the same way as it would for the plain \q{Add Key} button. But it
  273. won't ask for a passphrase. Instead, the key will be listed in the
  274. main window with \q{(encrypted)} after it.
  275. To start Pageant up in the first place with encrypted keys loaded into
  276. it, you can use the \cq{--encrypted} option on the command line. For
  277. example:
  278. \c C:\PuTTY\pageant.exe --encrypted d:\main.ppk
  279. After a key has been decrypted for the first use, it remains
  280. decrypted, so that it can be used again. The main window will list
  281. the key with \q{(\i{re-encryptable})} after it. You can revert it
  282. to the previous state, where a passphrase is required, using the
  283. \q{\i{Re-encrypt}} button in the Pageant main window.
  284. You can also \q{re-encrypt} all keys that were added encrypted by
  285. choosing \q{Re-encrypt All Keys} from the System tray menu.
  286. (Note that this does \e{not} discard cleartext keys that were not
  287. previously added encrypted!)
  288. \s{CAUTION}: When Pageant displays a prompt to decrypt an
  289. already-loaded key, it cannot give keyboard focus to the prompt dialog
  290. box. As far as I know this is a deliberate defensive measure by
  291. Windows, against malicious software. So make sure you click in the
  292. prompt window before typing your passphrase, or else the passphrase
  293. might be sent to somewhere you didn't want to trust with it!
  294. \H{pageant-security} Security considerations
  295. \I{security risk}Using Pageant for public-key authentication gives you the
  296. convenience of being able to open multiple SSH sessions without
  297. having to type a passphrase every time, but also gives you the
  298. security benefit of never storing a decrypted private key on disk.
  299. Many people feel this is a good compromise between security and
  300. convenience.
  301. It \e{is} a compromise, however. Holding your decrypted private keys
  302. in Pageant is better than storing them in easy-to-find disk files,
  303. but still less secure than not storing them anywhere at all. This is
  304. for two reasons:
  305. \b Windows unfortunately provides no way to protect pieces of memory
  306. from being written to the system \i{swap file}. So if Pageant is holding
  307. your private keys for a long period of time, it's possible that
  308. decrypted private key data may be written to the system swap file,
  309. and an attacker who gained access to your hard disk later on might
  310. be able to recover that data. (However, if you stored an unencrypted
  311. key in a disk file they would \e{certainly} be able to recover it.)
  312. \b Although, like most modern operating systems, Windows prevents
  313. programs from accidentally accessing one another's memory space, it
  314. does allow programs to access one another's memory space
  315. deliberately, for special purposes such as debugging. This means
  316. that if you allow a virus, trojan, or other malicious program on to
  317. your Windows system while Pageant is running, it could access the
  318. memory of the Pageant process, extract your decrypted authentication
  319. keys, and send them back to its master.
  320. Similarly, use of agent \e{forwarding} is a security improvement on
  321. other methods of one-touch authentication, but not perfect. Holding
  322. your keys in Pageant on your Windows box has a security advantage
  323. over holding them on the remote server machine itself (either in an
  324. agent or just unencrypted on disk), because if the server machine
  325. ever sees your unencrypted private key then the sysadmin or anyone
  326. who cracks the machine can steal the keys and pretend to be you for
  327. as long as they want.
  328. However, the sysadmin of the server machine can always pretend to be
  329. you \e{on that machine}. So if you forward your agent to a server
  330. machine, then the sysadmin of that machine can access the forwarded
  331. agent connection and request signatures from any of your private keys,
  332. and can therefore log in to other machines as you. They can only do
  333. this to a limited extent - when the agent forwarding disappears they
  334. lose the ability - but using Pageant doesn't actually \e{prevent} the
  335. sysadmin (or hackers) on the server from doing this.
  336. Therefore, if you don't trust the sysadmin of a server machine, you
  337. should \e{never} use agent forwarding to that machine. (Of course
  338. you also shouldn't store private keys on that machine, type
  339. passphrases into it, or log into other machines from it in any way
  340. at all; Pageant is hardly unique in this respect.)