Differences

This shows you the differences between the selected revisions of the page.

2024-07-19 2026-04-02 (current)
Restored revision 1715237849. Undoing revisions 1721339082, 1721339109. (martin) (hidden) 6.6.1 Issue 1682 – Support OpenSSH ssh-agent (martin)
Line 96: Line 96:
===== [[comment]] Setting a Comment for Your Key ===== ===== [[comment]] Setting a Comment for Your Key =====
-If you have more than one key and use them for different purposes, you don't need to memorize the key fingerprints in order to tell them apart. PuTTYgen allows you to enter a comment for your key, which will be displayed whenever WinSCP or [[ui_pageant|Pageant]] asks you for the passphrase.+If you have more than one key and use them for different purposes, you don't need to memorize the key fingerprints in order to tell them apart. PuTTYgen allows you to enter a comment for your key, which will be displayed whenever WinSCP or an authentication agent (such as [[ui_pageant|Pageant]]) asks you for the passphrase.
The default comment format, if you don't specify one, contains the key type and the date of generation, such as rsa-key-20011212. Another commonly used approach is to use your name and the name of the computer the key will be used on, such as simon@simons-pc. The default comment format, if you don't specify one, contains the key type and the date of generation, such as rsa-key-20011212. Another commonly used approach is to use your name and the name of the computer the key will be used on, such as simon@simons-pc.
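Review bot: The new parenthetical in the changed paragraph, "an authentication agent (such as [[ui_pageant|Pageant]])", still names only Pageant, although the revision summary says the change is for Issue 1682, OpenSSH ssh-agent support. Consider naming ssh-agent alongside Pageant here, or linking "authentication agent" to a page that lists the supported agents, so readers can tell which agents this sentence applies to. It is also worth confirming that the statement about the comment being displayed when the agent asks for the passphrase holds for every agent the wording now covers, since the sentence was originally written about Pageant alone.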
Line 108: Line 108:
When you save the key, PuTTYgen will check that the //Key passphrase// and //Confirm passphrase// boxes both contain exactly the same passphrase, and will refuse to save the key otherwise. When you save the key, PuTTYgen will check that the //Key passphrase// and //Confirm passphrase// boxes both contain exactly the same passphrase, and will refuse to save the key otherwise.
-If you leave the passphrase fields blank, the key will be saved unencrypted. You should not do this without good reason; if you do, your private key file on disk will be all an attacker needs to gain access to any machine configured to accept that key. If you want to be able to passwordless log in without having to type a passphrase every time, you should consider using [[ui_pageant|Pageant]] so that your decrypted key is only held in memory rather than on disk.+If you leave the passphrase fields blank, the key will be saved unencrypted. You should not do this without good reason; if you do, your private key file on disk will be all an attacker needs to gain access to any machine configured to accept that key. If you want to be able to passwordless log in without having to type a passphrase every time, you should consider using an authentication agent (such as [[ui_pageant|Pageant]]) so that your decrypted key is only held in memory rather than on disk.
Under special circumstances you may genuinely need to use a key with no passphrase; for example, if you need to run an automated batch script that needs to make an SSH connection, you can't be there to type the passphrase. In this case we recommend you generate a special key for each specific batch script (or whatever) that needs one, and on the server side you should arrange that each key is restricted so that it can only be used for that specific purpose. The documentation for your SSH server should explain how to do this (it will probably vary between servers). Under special circumstances you may genuinely need to use a key with no passphrase; for example, if you need to run an automated batch script that needs to make an SSH connection, you can't be there to type the passphrase. In this case we recommend you generate a special key for each specific batch script (or whatever) that needs one, and on the server side you should arrange that each key is restricted so that it can only be used for that specific purpose. The documentation for your SSH server should explain how to do this (it will probably vary between servers).
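Review bot: In the changed sentence, "If you want to be able to passwordless log in without having to type a passphrase every time" is carried over unchanged and reads as ungrammatical and redundant. Since the line is being edited anyway, consider "If you want to be able to log in without having to type a passphrase every time". The claim that the decrypted key "is only held in memory rather than on disk" is now made for authentication agents in general rather than for Pageant specifically, so it should either be checked against each supported agent or be scoped back to the agents the documentation actually describes.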

Last modified: by martin