Generating Keys 
 If you are going to connect to a remote host computer using public-key 
authentication, you will have to generate a key pair before 
connecting.
 Public-key authentication is based on digital signatures. Each user 
creates a pair of key files: one is the user's public key, the other is the 
user's private key. The server holds a copy of the user's public key, and 
only the user holds the private key. 
 
 When the user tries to authenticate, the client offers the public key and 
the server checks whether it matches one of the public keys authorized for 
that account. If it does, the server sends a challenge, the client signs the 
challenge with the private key, and the server verifies the signature with 
the stored public key. The private key itself is never sent to the server; 
possession of it is what proves the user's identity. 
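 The exchange described above, as an added example that is not part of the 
original documentation or the product's own code. It uses Ed25519 from Go's 
standard library as the signature scheme (the real client uses SSH key files; 
the algorithm, the User and Server types and the account names are 
assumptions made for illustration). The server stores only public keys, issues 
a fresh random challenge per login, and accepts a login only if the offered 
key is on file and the signature verifies; the two failing cases at the end 
are an unauthorized key and an impostor who offers someone else's public key 
without holding the matching private key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// User is the client side: it holds both halves of the key pair, but only
// the public half is ever handed to a server. (Hypothetical type; the real
// product keeps these as key files rather than in memory.)
type User struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey // stays on the user's machine; never transmitted
}

// GenerateUser creates a fresh key pair, the step a key-generation tool performs.
func GenerateUser(name string) (*User, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &User{Name: name, pub: pub, priv: priv}, nil
}

// PublicKey is the part the user exports and installs on the server.
func (u *User) PublicKey() ed25519.PublicKey { return u.pub }

// SignChallenge proves possession of the private key without revealing it.
func (u *User) SignChallenge(challenge []byte) []byte {
	return ed25519.Sign(u.priv, challenge)
}

// Server keeps, per account, the public keys that are allowed to log in.
type Server struct {
	authorized map[string][]ed25519.PublicKey
}

func NewServer() *Server {
	return &Server{authorized: make(map[string][]ed25519.PublicKey)}
}

// Authorize records a public key for an account (the "install your public key" step).
func (s *Server) Authorize(account string, pub ed25519.PublicKey) {
	s.authorized[account] = append(s.authorized[account], pub)
}

// NewChallenge draws 32 fresh random bytes; a challenge is never reused,
// so a captured signature cannot be replayed in a later login.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// Authenticate checks that the offered public key is authorized for the
// account and that the signature over the challenge verifies under that key.
func (s *Server) Authenticate(account string, offered ed25519.PublicKey, challenge, sig []byte) bool {
	for _, pub := range s.authorized[account] {
		if bytes.Equal(pub, offered) {
			return ed25519.Verify(pub, challenge, sig)
		}
	}
	return false // no matching public key on file
}

// RunLoginWithKey plays out one login attempt: the client offers a public key,
// the server issues a challenge, the client signs it, the server verifies.
// Offering a key whose private half you do not hold is how an impostor fails.
func RunLoginWithKey(srv *Server, account string, offered ed25519.PublicKey, signer *User) (bool, error) {
	challenge, err := srv.NewChallenge()
	if err != nil {
		return false, err
	}
	sig := signer.SignChallenge(challenge)
	return srv.Authenticate(account, offered, challenge, sig), nil
}

// RunLogin is the honest case: the signer offers its own public key.
func RunLogin(srv *Server, account string, signer *User) (bool, error) {
	return RunLoginWithKey(srv, account, signer.PublicKey(), signer)
}

func main() {
	srv := NewServer()
	alice, err := GenerateUser("alice")
	if err != nil {
		panic(err)
	}
	mallory, err := GenerateUser("mallory")
	if err != nil {
		panic(err)
	}
	srv.Authorize("alice", alice.PublicKey())
	ok, _ := RunLogin(srv, "alice", alice)
	fmt.Println("alice, own key:", ok) // true
	ok, _ = RunLogin(srv, "alice", mallory)
	fmt.Println("mallory, own key:", ok) // false: key not authorized
	ok, _ = RunLoginWithKey(srv, "alice", alice.PublicKey(), mallory)
	fmt.Println("mallory offering alice's key:", ok) // false: signature fails
}
```

 Note that the server never needs the private key, which is why the text 
above insists that only the public key is given to the server and that the 
private key file must not be readable by anyone else: whoever can read it can 
produce valid signatures and pass this check as you.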
 Remember that your private key file is what authenticates you. Never 
expose your private keys. Anyone who can read your private key file can 
attempt to log in to the remote host computer as you. Therefore it is 
extremely important that you keep your private key file in a secure place 
and make sure that no one else has access to it. Most key-generation tools 
let you protect the private key file with a passphrase when you create it; 
use one, so that a copied file alone is not enough to use the key. 
 Do not use public-key authentication on a computer that is shared with 
other users. Generate and store keys only on a personal computer that no one 
else can access.
 
 Also note that if you use the Windows roaming profiles functionality, your 
personal settings are replicated to the roaming profile server. If you store 
your private keys in the default location (under the profile folder of your 
Windows user account), the key files are copied over the network every time 
the profile is synchronized, and may be exposed to anyone who can capture 
that traffic or read the profile server. Therefore the User Settings folder 
should not be a directory that is included in profile roaming.
 In order to use public-key authentication, you must first generate your 
own key pair. You can generate the key files with the built-in Key 
Generation wizard. 
 You can also import existing keys on the Keys page of the 
Settings dialog. See Section Managing Keys.