[kwlug-disc] Tightening up SSH
John Van Ostrand
john at netdirect.ca
Mon Jul 19 10:16:02 EDT 2010
----- Original Message -----
> --- On Mon, 7/19/10, Johnny Ferguson <hyperflexed at gmail.com> wrote:
> > P.S. How do 2 machines determine an encryption key and
> > communicate this to each other without giving the key away?
>
> You transfer the key by other means.
The other means is actually automatic, through encryption using your private key.
Here the quickie on how it works:
1. You create a public/private key pair. Keep the private key on your local computer and keep it safe by encrypting with a strong password.
2. You transfer the public key to the remote system's .ssh/authorized_keys file. Since it's public you can transfer it any way you want. Cut and paste if you like, or use scp.
3. Next time you connect to the remote server you are authenticated using the public/private key system.
4. After authentication SSH uses the public/private keys to agree on a simpler shared key to use for encryption. The shared key is used because it is faster than the public/private key system. The shared key is weaker so by default SSH changes the key frequently. This all happens automatically.
--
John Van Ostrand
CTO, co-CEO
Net Direct Inc.
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6
Ph: 866-883-1172 x5102
Fx: 519-883-8533
Linux Solutions / IBM Hardware
More information about the kwlug-disc
mailing list