Differences
This shows you the differences between the selected revisions of the page.
2023-02-11 | 2023-02-11 | ||
no summary (45.98.4.216) (hidden) (untrusted) | no summary (45.98.4.216) (hidden) (untrusted) | ||
Line 1: | Line 1: | ||
- | ====== Understanding SSH Key Pairs ====== | + | PuTTY-User-Key-File-2: ssh-rsa |
- | In every SSH/SFTP connection there are four keys (or two key-pairs) involved. This article explains a difference between them and what keys an %%SFTP%% client user needs to care about. | + | Encryption: none |
- | + | Comment: hassan | |
- | The %%SSH%% employs a public key cryptography. A [[wp>Public-key_cryptography|public-key cryptography]], also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public.((&wikipedia_ref(Public-key_cryptography|Public-key cryptography))) Together they are known as a key-pair. In %%SSH%%, the public key cryptography is used in both directions (client to server and server to client), so two key pairs are used. One key pair is known as a host (server) key, the other as a user (client) key. | + | Public-Lines: 6 |
- | + | AAAAB3NzaC1yc2EAAAABJQAAAQEAo4nCb/HqM4jj+0nMJ2LC6CP6MuFQGfYhMOTZ | |
- | ===== User Private Key ===== | + | gi1fzBckdbayv5zAQqihwFOHzQ+cUmfS0MqN844N/qaABWALIWSHFAFvNDeFUdP6 |
- | A //user private key// is a key that is kept secret by the %%SSH%% user on his/her client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise his/her identity. | + | wLPouNFICSMekDQUVAYf+uzN7QXXAFjasWKjisr8DKxb5CgvPoLdIDlzITWZuBSW |
- | + | QhlfxJQ9ZeSmXc5HwYwRJI2AxejjriRas4ffM8aSpd4vCqcmL6xaIrokxWRstcRa | |
- | To protect the private key, it should be generated locally on a user's machine (e.g. using [[ui_puttygen|PuTTYgen]]) and stored encrypted by a passphrase. The passphrase should be long enough (that's why it's called passphrase, not password) to withstand a [[wp>Brute-force_attack|brute-force attack]] for a reasonably long time, in case an attacker obtains the private key file. | + | IRMTxOigE0wxmjwE9lLnrgmv6dJKUaHCmjU64gjVH1sMWL/sKBMF7Z5UFzcTq5tG |
- | + | 5IxvR7sy8GIZ3kRaOGxhiWHESyfS4L3oBXvehV08WmMfeWuV6w== | |
- | Different file formats are used to store private keys. WinSCP supports PuTTY format, with ''.ppk'' extension. | + | Private-Lines: 14 |
- | + | AAABAGoUKxguNwyr0iZ1Ds1wfm0QavCSJh6tfVAlvYTfKWHJ0nXeSm5zg6DcFeSJ | |
- | ===== User Public Key ===== | + | NX4X9rH+J+Fgysd+vPg0phFTDiN/ejZ9eJCSt1esGEWlIVVJetV+kF2JkKU0Z8Vb |
- | A user public key is a counterpart to //user private key//. They are generated at the same time. The //user public key// can be safely revealed to anyone, without compromising user identity. | + | VSQfdrQd9aN+QJFhEjG76JP+Y9WFUSmouWGmOjI23gFckSWPjAre80H2ahoPHawF |
- | + | tCOVY9wNcFsndm+ldF2s/CmYAD/+HIanu7FzVkrpFgzlqHsny1476jN1zfoOO8Xb | |
- | To allow authorization of the user on a server, the user public key is registered on the server. In the most widespread %%SSH%% server implementation, the OpenSSH, file ''~/.ssh/authorized_keys'' is used for that. | + | 7U4DyXkQS2IC5es3caKWsndgDOEjplVoEzZB/2UTNZsBe32+atvSvDdMcdUAvlrM |
- | + | KvDhjJ3zi96+RET1ZWyiuQk7jy0AAACBAN+Vp0a3JzOLGpTHueg752iulu/ohzcy | |
- | //Learn more about [[public_key|public key authentication]] in general and how to [[guide_public_key|setup authentication with public keys]].// | + | +w1vDb3GPkFQ8rkyLA9wfbrFIawfdkH7gZMXBAjRkhzfRpbgfQHoZEYOpLoaSjc9 |
- | + | DtarifoopPQEdRUPUAvjjUfAPwObmjj1WEbLUt6l8ZyQO+4vgQlzDlYg6O2ybFfE | |
- | -----BEGIN RSA PRIVATE KEY----- | + | qsQJs4xPMf7JAAAAgQC7P3r99kswo5ounkrNfdCBDE4IPnkmv1cce7sXLvPkfBHf |
- | ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAo4nCb/HqM4jj+0nMJ2LC6CP6MuFQGfYhMOTZgi1fzBckdbayv5zAQqihwFOHzQ+cUmfS0MqN844N/qaABWALIWSHFAFvNDeFUdP6wLPouNFICSMekDQUVAYf+uzN7QXXAFjasWKjisr8DKxb5CgvPoLdIDlzITWZuBSWQhlfxJQ9ZeSmXc5HwYwRJI2AxejjriRas4ffM8aSpd4vCqcmL6xaIrokxWRstcRaIRMTxOigE0wxmjwE9lLnrgmv6dJKUaHCmjU64gjVH1sMWL/sKBMF7Z5UFzcTq5tG5IxvR7sy8GIZ3kRaOGxhiWHESyfS4L3oBXvehV08WmMfeWuV6w== hassan | + | oPYpTf+M59CsAxAYtjReIFZ1Dqmf4DZfUdmgKSgtqFk+83vhL68vQ9NpuBGO8zGl |
- | ----END RSA PRIVATE KEY----- | + | xU3VQAQM2jP7T0/tRd1cvNUDuGeOKnn4jeX4pL3D9v2CsP+IK7gmnooLO/3FEwAA |
- | + | AIEAl2+HKaQ8VPIR58cmCSRKzZR3flSZMf2Cl5/mtI4rmoF01G5biQA/4ee3y7sU | |
- | ===== Host Public Key ===== | + | VHcvB1p2jl/YFlpmwZCG6vIhj9qb3R+TrtX0QetnAOovDJDZXOhwBl48yR7VYopk |
- | A //host public key// is a counterpart to //host private key//. They are generated at the same time. The //host public key// can be safely revealed to anyone, without compromising host identity. | + | 206XabgpPy3qgV2lKla9CCe4FMw2ZcjCdgYNq+bQly2IPpQ= |
- | + | Private-MAC: 35d8b1b5a8a0a05985c8a1f4d67ff31bbc08f3d5 | |
- | To allow authorizing the host to the user, the user should be [[faq_hostkey|provided with host public key in advance]], before connecting. The client application typically prompts the user with //host public key// on the first connection to allow the user to [[ssh_verifying_the_host_key|verify/authorize the key]]. The //host public key// is then saved and verified automatically on further connections. The client application warns the user, if the host key changes. | + |
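Review bot: the entire right-hand column of this hunk replaces the article body (from the "====== Understanding SSH Key Pairs ======" heading through the "===== Host Public Key =====" section) with a PuTTY private key file ("PuTTY-User-Key-File-2: ssh-rsa", "Encryption: none", "Private-Lines: 14", ending in "Private-MAC: ..."), so the revision should be reverted and kept hidden rather than merged. Because "Encryption: none" means the 14 Private-Lines are the raw, unprotected private half, the key pair has to be treated as compromised and rotated wherever its public half is registered; that public half is the same material already present in the left column ("ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAo4nCb/HqM4jj+0nMJ2LC6CP6MuFQGfYhMOTZ... hassan"), which matches the "Public-Lines: 6" block and the "Comment: hassan" line on the right. The left column is also not clean: under "User Public Key" it wraps an ssh-rsa public key line in "-----BEGIN RSA PRIVATE KEY-----" / "----END RSA PRIVATE KEY-----" markers (a public key, mislabelled, and the END marker has four dashes instead of five), which does not belong to the article's explanation of public key authentication and suggests the earlier revision was already tampered with; restoring from a revision before both of these edits is the safer fix than editing either side of this diff.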