[olug] curious

Brian Wiese bwiese at cotse.com
Tue Dec 18 20:28:15 UTC 2001

Chris, first off, thanks for all the information, you were too generous. :)
I understand PKI fairly well, (but I have YET to start working on PGP/GPG...)
but I'm just wondering how does one manage their keys?

> Now, when you make a ssh connection to the remote machine, ssh tells the
> remote machine that it has a SSH key, and asks the remote machine if it
> has a matching SSH public key in the directory
> $HOME/.ssh/authorized_keys (for the user ID you are attempting to login
> under).  If the remote machine does have a matching SSH key, it will
> issue a challenge which is answered by your entering the password you
> set for your private key.  If you enter the correct password, then you
> will be authenticated and given access on the machine.

So does this happen automatically with SSH2?  Every time I ssh into a box
I haven't been in before, it asks if I want to accept its key or not.
(these go in the ~/.ssh/known_hosts file I figured out)
So, my question is, by just ssh'n into a box and watching this happen,
is that creating my public key and does all the key checking happen
automatically, or do I have to manually copy over my public key?
Is there an automatic key management or how do I manage my keys?

> One of the advantages of this method of authentication, is that you can
> distribute your SSH public key to many different machines, and then
> safely use the same password[2] to access them.  You can even make use
> of the ssh-agent[3] program, so you only have to enter your password at
> your initial login.

So this key kinda acts like a 'token' for me, something I have.  But how
does it mean I can 'safely use the same password' to access them?  Basically,
how is this 'managing of the keys' more secure than just sshn' in with a
password?  The password is sent encrypted in the channel no?

> > Should I always have the same ssh public key, or does it change from which
> > ever computer I am on?
> Generally, your home PC, laptop, etc, will have its own SSH key pair,
> although it is possible to share your SSH private key among your
> computers.  Your public key can be distributed as widely as you like.
> Each SSH private key has its own password, which you'll need to know in
> order to access any remote machine that is set up to allow authorization
> to that key.
> I hope this explains things halfway well, although it's 1:30am and I've
> been at home sick today (and I actually feel worse now than I did
> earlier), so I'm not sure how coherent it is.  I'll try my best to
> answer any additional questions you have, though.

no hurry, make sure you put your health first there mr. helpy helperton...
> > -Clueless
> > Brian
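The "distribute your public key to the remote machine" step from Chris's explanation, done by hand, as an added example that is not part of the original thread; it assumes OpenSSH's file layout (~/.ssh/authorized_keys) and uses a constructed key line rather than a real one.

```shell
#!/bin/sh
# Added example, not from the original thread. Installs a public key into
# an authorized_keys file the way sshd expects it. Assumptions: OpenSSH
# file layout; the sample key line at the bottom is constructed, not real.
set -eu

# Append one public-key line to authorized_keys exactly once and set the
# permissions sshd's StrictModes requires (~/.ssh 700, file 600); with
# looser permissions sshd silently ignores the file and falls back to
# password authentication.
install_pubkey() {
    pubkey_line=$1
    auth_file=$2
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"
    # Match on the key material (field 2), not the trailing comment, so the
    # same key is not added twice just because its comment differs.
    keydata=$(printf '%s\n' "$pubkey_line" | awk '{print $2}')
    if ! awk -v k="$keydata" '$2 == k { found = 1 } END { exit !found }' "$auth_file"; then
        printf '%s\n' "$pubkey_line" >> "$auth_file"
    fi
}

# Return how many lines in authorized_keys carry the given key material
# (1 after a correct install, however many times install_pubkey ran).
count_pubkey() {
    keydata=$(printf '%s\n' "$1" | awk '{print $2}')
    awk -v k="$keydata" '$2 == k { n++ } END { print n + 0 }' "$2"
}

# Demo on a throwaway directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
sample_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructed bwiese@homepc'
install_pubkey "$sample_key" "$demo_dir/.ssh/authorized_keys"
install_pubkey "$sample_key" "$demo_dir/.ssh/authorized_keys"   # second call is a no-op
echo "entries for sample key: $(count_pubkey "$sample_key" "$demo_dir/.ssh/authorized_keys")"
rm -rf "$demo_dir"
```

The known_hosts file mentioned in the reply is the other direction of trust: it records each server's host key so the client can recognise the server next time, while authorized_keys lists the user keys a server will accept. Accepting a host key never creates or copies your own key pair; that is still a separate ssh-keygen plus copy step.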

