Differences
This shows you the differences between the selected revisions of the page.
ssh_keys 2024-07-17 | ssh_keys 2025-03-18 (current) | ||
Line 5: | Line 5: | ||
===== User Private Key ===== | ===== User Private Key ===== | ||
- | A //user private key// is a key kept secret by the %%SSH%% user on his/her client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise his/her identity. | + | A //user private key// is a key kept secret by the %%SSH%% user on their client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise their identity. |
To protect the private key, it should be generated locally on a user's machine (e.g. using [[ui_puttygen|PuTTYgen]]) and stored encrypted by a passphrase. The passphrase should be long enough (that's why it's called passphrase, not password) to withstand a [[wp>Brute-force_attack|brute-force attack]] for a reasonably long time, in case an attacker obtains the private key file. | To protect the private key, it should be generated locally on a user's machine (e.g. using [[ui_puttygen|PuTTYgen]]) and stored encrypted by a passphrase. The passphrase should be long enough (that's why it's called passphrase, not password) to withstand a [[wp>Brute-force_attack|brute-force attack]] for a reasonably long time, in case an attacker obtains the private key file. | ||
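Review bot: In the added line, the trailing clause "not to compromise their identity" still dangles after the parenthetical "(server administrator)"; since the sentence is being edited anyway, consider "..., including the server (server administrator), so as not to compromise their identity." The pronoun change is applied consistently to both occurrences ("their client machine", "their identity"). Separately, the unchanged paragraph that follows asks for a passphrase that is "long enough" without saying what that means; a follow-up edit could give a concrete guideline or link to one.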
Line 24: | Line 24: | ||
A //host public key// is a counterpart to //host private key//. They are generated at the same time. The //host public key// can be safely revealed to anyone, without compromising the host's identity. | A //host public key// is a counterpart to //host private key//. They are generated at the same time. The //host public key// can be safely revealed to anyone, without compromising the host's identity. | ||
- | To allow authorizing the host to the user, the user should be [[faq_hostkey|provided with host public key in advance]], before connecting. The client application typically prompts the user with //host public key// on the first connection to allow the user to [[ssh_verify<dkddj>|verify/authorize the key]]. The //host public key// is then saved and yuyverified automatically on further connections. The client application warns the user if the {you are ····················································································································································································human>} | + | To allow authorizing the host to the user, the user should be [[faq_hostkey|provided with host public key in advance]], before connecting. The client application typically prompts the user with //host public key// on the first connection to allow the user to [[ssh_verifying_the_host_key|verify/authorize the key]]. The //host public key// is then saved and verified automatically on further connections. The client application warns the user if the host key changes. |
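Review bot: The added line keeps "To allow authorizing the host to the user" and the link text "verify/authorize the key", but checking a host key authenticates the host (it proves the host's identity to the client) rather than authorizing it; suggest "To allow the user to authenticate the host" and "verify the key". The restored closing sentence, "The client application warns the user if the host key changes.", would be more useful if it also said what the user should do on that warning, for example compare the new key with the one provided in advance before accepting it. The removed line carried stray characters in the link target ("ssh_verify<dkddj>"), in "yuyverified" and in its truncated last sentence, so the rest of the 2024-07-17 revision is worth checking for similar damage outside the lines this diff shows.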