3.13 Private Shell Key Agent
Private Shell Key Agent is a utility from the Private Shell package intended to simplify key management, support cryptographic tokens and temporarily store the master password. It is installed automatically along with the main program.
The main advantages of Private Shell Key Agent:
If you want to use Key Agent, first of all you have to start it. Open the "Start" menu, "Programs" (or "All Programs" if you are a Windows XP user), "Private Shell", "Private Shell Agent". You will see the following window:
User keys in SSH Key Agent:
Master password status displays the current master password status (i.e. whether it has been entered and is held in the agent).
When the master password is held in the agent, you can click the Clear button to remove it from the agent, or click the Change button to change it. In the latter case, you will be asked to enter the current master password first, to ensure that you are authorized to change it.
Master password is saved in the agent... defines how long Key Agent will hold the master password. Enter the desired time in minutes in the field below, or check the Forever box to hold the master password without any time limit. Warning! It is not recommended to keep the master password in the Key Agent for a long time (and especially forever), because anyone with local access to your computer can try to steal it.
Cryptographic token manager
Library to work with token - this is where you choose the PKCS#11 library that will be used to work with your token. If you are unsure of the library name, click the Search for library... button to open the library search dialog. Otherwise, enter the library name in the "PKCS#11 (Cryptoki) .dll" field and click the Apply button.
If you search for the library, select it from the list, click the Select button to close the dialog, and then click the Apply button in the previous dialog.
Cryptographic token - here you select which cryptographic token Private Shell will use. You can log out of the token by clicking the Logout button.
Keys in token - keys stored on the selected token are shown here.
Working with tokens
There are three ways you can use your token with Private Shell.
1. The key is generated inside the token. This is the recommended way, since the private key never leaves the token, and it provides the highest level of security. Note that your token must support RSA keys and the key must be an RSA key.
Click the Generate button to generate a new key directly inside the token. During key generation you will be asked whether you want to export the public part of the key into Private Shell. Answer yes, or export the public key yourself later.
2. Your token already contains one or more generated keys. In this case you only need to export the public part of the desired key into Private Shell. Click the Export public key button to export the public part of the selected key into Private Shell.
3. The key is generated in Private Shell and then imported into the token. This way is not recommended, since it provides less security than the previous two variants, but it is the only acceptable one if your token does not support RSA at all. Click the Import key... button to import an existing key into the token.
If your token supports RSA, the imported key becomes hardware protected by the token and only its public part can be exported later. In this case it is better to generate a new key instead (see the first case described above).
If your token does not support RSA, or you imported a non-RSA key into it, the token acts only as a PIN-code protected storage medium for the key.
The Delete button allows you to delete a key from the token.
Please note that regardless of whether you generated a new key in the token or exported an existing one, you still have to upload the public key to the SSH server manually. See the Upload public key to the server topic.
Start automatically with Windows
Private Shell Key Agent is very convenient when you use password-protected keys with scp.exe, ssh.exe or third-party programs like CVS, because you do not have to enter your key password each time an operation with the key is requested, but only when you add the key to the agent. Remember that you nevertheless have to add keys to the agent every time it is started (i.e. after every reboot, etc.). This is for security reasons.