Table of Contents

Methods of authentication

When connecting to remote system through SSH, user authentication is required. There are several possible methods. WinGDB currently supports the ones listed below.

Entering the password directly in the login string

If security is no particular concern (e.g. a computer at home, or in a lab that no unauthorized persons have access to), you can enter the password directly in the login string. The format is user:password@hostname:port. This will save you from entering the password everytime you start a session. But beware, since this method might be insecure. WinGDB encrypts passwords when storing settings, although someone can still break the encryption if they want it badly. The port is optional, if you do not specify one, default port 22 will be assumed.

Using the password dialog

Much more secure (but less convenient) method is letting WinGDB display the password dialog.

It will happen when you provide no password in the login string. Type the password in the dialog box. It will not be stored anywhere nor explicitly displayed in any circumstances. It will be sent to the server in encrypted form. This is quite secure method.

Using the public key authentication via SSH agent

Authentication methods involving entering a password have several vulnerabilities. Keyboard activity may be intercepted, or the remote side forged. More secure methods have been invented, which base on public key cryptography. You put your public key on a server, then authenticate using your secret private key. This key is never sent to the server, instead some information digitally signed by this key is being sent. This way the server can verify your identity. You do not have to type anything, and even the server is spoofed, it won't learn the key itself (only some temporary "cookie").

WinGDB supports this method through usage of so-called SSH agent. The agent is a program which manages your keys and performs signing of the cookies on demand. This way, WinGDB also does not see your private keys at all. All it does is to connect to the agent and ask it to sign some piece of information, valid for single session only.

While there are several implementations of SSH agent, on Windows there is one most widely used, namely Pageant. This program is free and comes with popular Putty terminal software. WinGDB supports only this particular implementation.

To use Pageant, you have to download and configure it. You will have to generate your private and public key pair, unless you already have one. You also have to configure your server properly. Please read the Pageant documentation for instructions. When everything is configured, it takes only to run Pageant and add your private key (or keys) to it. The window should look similar to the picture below:

After adding the keys, you can close the window. Pageant will stay running in the background. Now, when WinGDB displays password dialog, you can press Use agent button instead typing a password. WinGDB will try to connect to Pageant and authenticate with help of it.

You can also completely disable the password dialog, by enabling the Always use SSH agent to authenticate option in WinGDB preferences. It will use Pageant by default. This method is both convenient and secure at the same time.

Table of Contents

Copyright (C) 2008-2019 SOFT-ERG. All rights reserved.