Key Management
F-Secure SSH Client supports public-key authentication with RSA or DSA keys. It can generate keys with its built-in Key Generation Wizard or use existing SSH-1 or SSH-2 keys.
Generating Keys
The Key Generation Wizard is accessible within the program from the Tools menu. The wizard prompts you for the key-generation algorithm (RSA or DSA), the number of bits in the key, the key comment and passphrase, and the name of the key. After generation, the key is stored in the Windows registry and is accessible from the Properties window under User Keys. Incidentally, the Windows registry key is:
HKEY_CURRENT_USER\Software\Data Fellows\F-Secure SSH 2.0
Importing Existing Keys
F-Secure SSH Client stores keys in the Windows registry. Most other SSH products store keys in files, so if you want to use an existing key with F-Secure, you must import it into the registry:
- Bring up the Properties window.
- Select User Keys.
- Select the RSA or DSA tab, if you are importing an RSA or DSA key.
- Select the "Import..." button.
- Browse to your key file, and select it.
- Type the key's passphrase (for SSH-1 format keys only).
The key is now imported into F-Secure and ready to use.
Installing Public Keys
For SSH-2 public keys only, F-Secure SSH Client includes the Key Registration Wizard, which automatically uploads and installs your public key on an SSH-2 server machine where your remote account resides. What a great feature! Of course the operation is secure: it connects to your remote account by SSH-2 using password authentication.SSH-1 public keys must be installed manually on the server. Connect the remote host using password authentication, and then open the Properties window and select User Keys. From here you have two choices:
- Export your public key to a file, using the "Export..." button, then transfer the file to the remote server machine, and copy its contents into your authorized_keys file.
- Copy your public key to the Windows clipboard, using the Copy To Clipboard button, and then paste it into your remote authorized_keys file.
Using Keys
Unlike most Unix SSH products, F-Secure SSH Client doesn't let you specify which key to use for a session. Instead, it tries each key in turn. When one matches a public key on the server, you are prompted for your passphrase. To reject F-Secure's choice of key and use a different one, press the Escape key or click Cancel, and the next key is selected and tried. If all keys fail, the program falls back to password authentication.