Differences
This shows you the differences between the selected revisions of the page.
2025-05-28 | 2025-05-28 (current) | ||
no summary (150.129.206.86) (hidden) (untrusted) | Restored revision 1742299451. Undoing revisions 1748442396, 1748442415. (martin) (hidden) | ||
Line 4: | Line 4: | ||
The %%SSH%% employs public key cryptography. A [[wp>Public-key_cryptography|public-key cryptography]], also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public.((&wikipedia_ref(Public-key_cryptography|Public-key cryptography))) Together they are known as a key pair. In %%SSH%%, the public key cryptography is used in both directions (client to server and server to client), so two key pairs are used. One key pair is known as a host (server) key, and the other is a user (client) key. | The %%SSH%% employs public key cryptography. A [[wp>Public-key_cryptography|public-key cryptography]], also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public.((&wikipedia_ref(Public-key_cryptography|Public-key cryptography))) Together they are known as a key pair. In %%SSH%%, the public key cryptography is used in both directions (client to server and server to client), so two key pairs are used. One key pair is known as a host (server) key, and the other is a user (client) key. | ||
- | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFssvAIbBg7vuVirJTm0gOcghvy/WQIHTcxc/0EkNoTsodSHurFWd8zf6o7sJ7kojSzTR8GH32b+Wvh1p0N8xwOjvE9rNoB05+UHvII3kTsZygL3evulepl94AuNoLAv0lPa/tLqSaxrr+LmjuJoVLFaPWt9u43zb9/w/8hK5HMEBLOzeMZUPJW21b1VGMGSUAIm1AKJJiEzM6TC0YeZYaCIEakg0BbHxcQpDlZQg/5TDaIIfI6YpAe/jJNdG2WLCSxwj0NlSJ55qzwhHNi0mIfUNmumVlCBuusOd3gZL6TZUHp3j6FV5m0s5nlrqzfhtLoVY8W4UppqgtSl42KqLd | + | ===== User Private Key ===== |
+ | A //user private key// is a key kept secret by the %%SSH%% user on their client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise their identity. | ||
+ | |||
+ | To protect the private key, it should be generated locally on a user's machine (e.g. using [[ui_puttygen|PuTTYgen]]) and stored encrypted by a passphrase. The passphrase should be long enough (that's why it's called passphrase, not password) to withstand a [[wp>Brute-force_attack|brute-force attack]] for a reasonably long time, in case an attacker obtains the private key file. | ||
+ | |||
+ | Different file formats are used to store private keys. WinSCP supports PuTTY format, with the ''.ppk'' extension. | ||
===== User Public Key ===== | ===== User Public Key ===== | ||
Line 13: | Line 18: | ||
//Learn more about [[public_key|public key authentication]] in general and how to [[guide_public_key|setup authentication with public keys]].// | //Learn more about [[public_key|public key authentication]] in general and how to [[guide_public_key|setup authentication with public keys]].// | ||
- | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFssvAIbBg7vuVirJTm0gOcghvy/WQIHTcxc/0EkNoTsodSHurFWd8zf6o7sJ7kojSzTR8GH32b+Wvh1p0N8xwOjvE9rNoB05+UHvII3kTsZygL3evulepl94AuNoLAv0lPa/tLqSaxrr+LmjuJoVLFaPWt9u43zb9/w/8hK5HMEBLOzeMZUPJW21b1VGMGSUAIm1AKJJiEzM6TC0YeZYaCIEakg0BbHxcQpDlZQg/5TDaIIfI6YpAe/jJNdG2WLCSxwj0NlSJ55qzwhHNi0mIfUNmumVlCBuusOd3gZL6TZUHp3j6FV5m0s5nlrqzfhtLoVY8W4UppqgtSl42KqLd | + | ===== Host Private Key ===== |
+ | A //host private key// is generated when the %%SSH%% server is set up. It is safely stored in a location that should be accessible by a server administrator only. The user connecting to the %%SSH%% server does not need to care about //host private key// in general. | ||
===== Host Public Key ===== | ===== Host Public Key ===== |