Differences

This shows you the differences between the selected revisions of the page.

2011-10-05 2011-10-05
Obtaining and Starting PuTTYgen (martin) ui_pageant (martin)
Line 71: Line 71:
===== [[comment]] Setting a Comment for Your Key ===== ===== [[comment]] Setting a Comment for Your Key =====
-If you have more than one key and use them for different purposes, you don't need to memorise the key fingerprints in order to tell them apart. PuTTYgen allows you to enter a comment for your key, which will be displayed whenever PuTTY or Pageant asks you for the passphrase.+If you have more than one key and use them for different purposes, you don't need to memorise the key fingerprints in order to tell them apart. PuTTYgen allows you to enter a comment for your key, which will be displayed whenever WinSCP or [[ui_pageant|Pageant]] asks you for the passphrase.
The default comment format, if you don't specify one, contains the key type and the date of generation, such as rsa-key-20011212. Another commonly used approach is to use your name and the name of the computer the key will be used on, such as simon@simons-pc. The default comment format, if you don't specify one, contains the key type and the date of generation, such as rsa-key-20011212. Another commonly used approach is to use your name and the name of the computer the key will be used on, such as simon@simons-pc.
Line 83: Line 83:
When you save the key, PuTTYgen will check that the //Key passphrase// and //Confirm passphrase// boxes both contain exactly the same passphrase, and will refuse to save the key otherwise. When you save the key, PuTTYgen will check that the //Key passphrase// and //Confirm passphrase// boxes both contain exactly the same passphrase, and will refuse to save the key otherwise.
-If you leave the passphrase fields blank, the key will be saved unencrypted. You should not do this without good reason; if you do, your private key file on disk will be all an attacker needs to gain access to any machine configured to accept that key. If you want to be able to passwordless loginlog in without having to type a passphrase every time, you should consider using [[integration_app#pageant|Pageant]] so that your decrypted key is only held in memory rather than on disk.+If you leave the passphrase fields blank, the key will be saved unencrypted. You should not do this without good reason; if you do, your private key file on disk will be all an attacker needs to gain access to any machine configured to accept that key. If you want to be able to passwordless loginlog in without having to type a passphrase every time, you should consider using [[ui_pageant|Pageant]] so that your decrypted key is only held in memory rather than on disk.
Under special circumstances you may genuinely need to use a key with no passphrase; for example, if you need to run an automated batch script that needs to make an SSH connection, you can't be there to type the passphrase. In this case we recommend you generate a special key for each specific batch script (or whatever) that needs one, and on the server side you should arrange that each key is restricted so that it can only be used for that specific purpose. The documentation for your SSH server should explain how to do this (it will probably vary between servers). Under special circumstances you may genuinely need to use a key with no passphrase; for example, if you need to run an automated batch script that needs to make an SSH connection, you can't be there to type the passphrase. In this case we recommend you generate a special key for each specific batch script (or whatever) that needs one, and on the server side you should arrange that each key is restricted so that it can only be used for that specific purpose. The documentation for your SSH server should explain how to do this (it will probably vary between servers).

Last modified: by martin