Key Generation
If you are going to connect to a remote host computer using public-key
authentication, you will have to generate your key pair before
connecting.
Public-key authentication is based on the use of digital signatures.
Each user creates a pair of 'key' files. One of these key files is
the user's public key, and the other is the user's private
key. The server knows the user's public key, and only the user
has the private key.
When the user tries to authenticate herself, the client offers her public key, and
the server checks whether it matches a public key stored for that account. If it
does, the server sends a random challenge to the client. The client signs the
challenge with the user's private key, and the server verifies the signature
with the stored public key. Only the holder of the private key can produce a valid
signature, so a matching public key alone is not enough to log in.
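The following Go program is an added example that is not part of this documentation and not the client's own code; it models the exchange described above with an Ed25519 key pair from Go's standard library. The Server, Client and Authenticate names are invented for the illustration, and a real SSH server also binds the signature to the session identifier, which is omitted here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server stores only public keys, one per account (the analogue of the
// server's list of authorized keys). It never sees a private key.
type Server struct {
	authorized map[string]ed25519.PublicKey
}

// Client holds the private key, which must never leave the user's machine.
type Client struct {
	user string
	priv ed25519.PrivateKey
}

// NewServer returns a server that trusts no keys yet.
func NewServer() *Server {
	return &Server{authorized: make(map[string]ed25519.PublicKey)}
}

// Authorize registers a user's public key on the server.
func (s *Server) Authorize(user string, pub ed25519.PublicKey) {
	s.authorized[user] = pub
}

// GenerateKeyPair plays the role of the key generation wizard: it runs on
// the user's own computer and produces a public and a private key.
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Challenge checks that the offered public key matches the stored one for
// the account and, if so, returns a fresh random challenge.
func (s *Server) Challenge(user string, offered ed25519.PublicKey) ([]byte, error) {
	stored, ok := s.authorized[user]
	if !ok || !bytes.Equal(stored, offered) {
		return nil, errors.New("no matching public key for user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// Sign answers the challenge with a signature made by the private key.
func (c *Client) Sign(challenge []byte) []byte {
	return ed25519.Sign(c.priv, challenge)
}

// Verify checks the signature against the stored public key.
func (s *Server) Verify(user string, challenge, sig []byte) bool {
	pub, ok := s.authorized[user]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

// Authenticate runs the full exchange. It returns an error when the offered
// public key is unknown, and false when the signature does not verify.
func Authenticate(s *Server, c *Client, offered ed25519.PublicKey) (bool, error) {
	challenge, err := s.Challenge(c.user, offered)
	if err != nil {
		return false, err
	}
	return s.Verify(c.user, challenge, c.Sign(challenge)), nil
}

func main() {
	pub, priv, _ := GenerateKeyPair()
	srv := NewServer()
	srv.Authorize("alice", pub)

	ok, err := Authenticate(srv, &Client{user: "alice", priv: priv}, pub)
	fmt.Println("alice with her own key:", ok, err)

	// An impostor who only knows alice's public key cannot sign the challenge.
	_, impostorPriv, _ := GenerateKeyPair()
	ok, err = Authenticate(srv, &Client{user: "alice", priv: impostorPriv}, pub)
	fmt.Println("impostor with alice's public key:", ok, err)
}
```

The impostor case is the point of the protocol: the public key can be handed to any server without risk, while anyone who copies the private key file can pass this check as the user.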
Remember that your private key file is what authenticates you.
Never expose your private keys. Anyone who can read your private key
file can attempt to log in to the remote host computer as you.
Therefore it is extremely important that you keep your private key file in a
secure place and make sure that no one else has access to it.
Do not use public-key authentication on a computer that is shared
with other users. Generate keys only on your personal computer that no one else
can access!
Also note that if you are using the Windows roaming profiles functionality, your
personal settings are replicated to the roaming profile server over the network.
If you store your private keys in the default location (under the profile folder
of your Windows user account), your private keys may be exposed to a malicious
user listening to the network traffic. Therefore the User Settings folder should
not be placed in a directory that is included in the roaming profile.
In order to use public-key authentication, you must first generate
your own key pair. You can generate your own key files
with the help of a built-in key generation wizard.