Differences
| 2018-09-24 | 2018-09-24 | ||
| removing not really correct section on user key pair (martin) | reduce acronyms (martin) | ||
| Line 5: | Line 5: | ||
| ===== User Private Key ===== | ===== User Private Key ===== | ||
| - | A //user private key// is key that is kept secret by the SSH user on his/her client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise his/her identity. | + | A //user private key// is key that is kept secret by the %%SSH%% user on his/her client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise his/her identity. |
| To protect the private key, it should be generated locally on a user's machine (e.g. using [[ui_puttygen|PuTTYgen]]) and stored encrypted by a passphrase. The passphrase should be long enough (that's why it's called passphrase, not password) to withstand a [[wp>Brute-force_attack|brute-force attack]] for a reasonably long time, in case an attacker obtains the private key file. | To protect the private key, it should be generated locally on a user's machine (e.g. using [[ui_puttygen|PuTTYgen]]) and stored encrypted by a passphrase. The passphrase should be long enough (that's why it's called passphrase, not password) to withstand a [[wp>Brute-force_attack|brute-force attack]] for a reasonably long time, in case an attacker obtains the private key file. | ||
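Review bot: In the changed User Private Key sentence, "is key that is kept secret" is missing its article, and since the line is already being touched for the %%SSH%% markup it can be fixed in the same revision: "A //user private key// is a key that is kept secret by the %%SSH%% user". The closing clause "not to compromise his/her identity" would also read more clearly as "so as not to compromise his/her identity".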
| Line 14: | Line 14: | ||
| A user public key is a counterpart to //user private key//. They are generated at the same time. The //user public key// can be safely revealed to anyone, without compromising user identity. | A user public key is a counterpart to //user private key//. They are generated at the same time. The //user public key// can be safely revealed to anyone, without compromising user identity. | ||
| - | To allow authorization of the user on a server, the user public key is registered on the server. In the most widespread SSH server implementation, the OpenSSH, file ''~/.ssh/authorized_keys'' is used for that. | + | To allow authorization of the user on a server, the user public key is registered on the server. In the most widespread %%SSH%% server implementation, the OpenSSH, file ''~/.ssh/authorized_keys'' is used for that. |
| //Learn more about [[public_key|public key authentication]] in general and how to [[guide_public_key|setup authentication with public keys]].// | //Learn more about [[public_key|public key authentication]] in general and how to [[guide_public_key|setup authentication with public keys]].// | ||
| ===== Host Private Key ===== | ===== Host Private Key ===== | ||
| - | A //host private key// is generated when the SSH server is set up. It is safely stored in a location that should be accessible by a server administrator only. The user connecting to the SSH server does not need to care about //host private key// in general. | + | A //host private key// is generated when the %%SSH%% server is set up. It is safely stored in a location that should be accessible by a server administrator only. The user connecting to the %%SSH%% server does not need to care about //host private key// in general. |
| ===== Host Public Key ===== | ===== Host Public Key ===== | ||
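Review bot: The changed sentence in the user public key paragraph says the key is registered "To allow authorization of the user on a server", but registering the public key in ''~/.ssh/authorized_keys'' is what lets the server authenticate the user, and the next line of the same section links to "public key authentication". Suggest "To allow authentication of the user on a server" so the terminology stays consistent. In the same sentence, "the OpenSSH, file" would read better as "OpenSSH, the file".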