LinuxQuestions.org
Old 07-14-2016, 01:45 PM   #16
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,592

Rep: Reputation: 5880

Q-9: What does the User (client) Key-pair allow to happen? Does it allow the Client to speak with the Server? Or does it allow the Server to speak with the Client?

Basically, it allows the client to log in to the server without having to type in a username/password. If password authentication is disabled you now have a system that cannot be accessed by "brute force" attacks.

Q-8: It appears that this new Public-Key on the Server is located here: ~/.ssh/id_rsa.pub Correct?
Yes.

Q-7: This new Public-Key on my Server would still be called the User (client) Public-Key, right? (After all, all I did was "share" it with the Server.)

Yes, it is not the same thing as the server public key.
 
Old 07-14-2016, 02:28 PM   #17
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Q-9: What does the User (client) Key-pair allow to happen? Does it allow the Client to speak with the Server? Or does it allow the Server to speak with the Client?

Basically, it allows the client to log in to the server without having to type in a username/password. If password authentication is disabled you now have a system that cannot be accessed by "brute force" attacks.
So from my local machine I can log in to my server, and once the connection is established, communications can flow from CLIENT to SERVER back to CLIENT back to SERVER and so on, right?


Q-10: If the Server ever wanted to connect to my local machine (client), then would I need a Public/Private Key-pair set up the opposite way?

That is, there would be a Host (server) Private-Key on the Server and would have to be a Host (server) Public-Key installed on my local machine?
 
Old 07-14-2016, 02:47 PM   #18
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,592

Rep: Reputation: 5880
Q-10: If the Server ever wanted to connect to my local machine (client), then would I need a Public/Private Key-pair set up the opposite way?

Not necessarily. A key pair is just one type of ssh authentication. You could write a script with a valid username/password to execute commands on your local machine.

Q-11? So from my local machine I can log in to my server, and once the connection is established, communications can flow from CLIENT to SERVER back to CLIENT back to SERVER and so on, right?

Yes, basic ssh is a remote login terminal. It would be just like typing commands in a terminal window on your local machine. It can do secure file transfers, i.e. scp, sftp, and much more.

https://en.wikipedia.org/wiki/Secure_Shell
 
Old 07-14-2016, 02:55 PM   #19
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
michaelk,

You mixed up the question numbering...

Quote:
Originally Posted by RobInRockCity View Post
So from my local machine I can log in to my server, and once the connection is established, communications can flow from CLIENT to SERVER back to CLIENT back to SERVER and so on, right?


Q-10: If the Server ever wanted to connect to my local machine (client), then would I need a Public/Private Key-pair set up the opposite way?

That is, there would be a Host (server) Private-Key on the Server and would have to be a Host (server) Public-Key installed on my local machine?
From what I read on another website, Public-key Authentication involves TWO key-pairs, and it implies that you need one pair called the User (client) Key-pair to connect from the local machine to the server, and then you need a second key-pair called a Host (server) Key-pair to connect/talk the other way...

Nothing online or in forums seems to cover or explain this so that it is clear how things work. (Thus my comment that I question how many people really understand this!)
 
Old 07-14-2016, 03:17 PM   #20
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,592

Rep: Reputation: 5880
Public-Key pair is one method used to authenticate the client to the server, which is on a per-user basis. Yes, once authenticated, communication is bidirectional.

The private key is on the client and the public key on the server. If your remote computer needed to connect to your local machine in the same manner, your local computer is now the server and the remote computer the client. The local computer would have the public key and your remote the private key. They can be the same key pair saved in the same manner.

https://support.ssh.com/manuals/serv...ntication.html

Last edited by michaelk; 07-14-2016 at 03:20 PM.
 
Old 07-14-2016, 03:54 PM   #21
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Here is my understanding of how things work...

- The Public-Private key-pair is created using ssh-keygen
- The Private-Key is located here: ~/.ssh/id_rsa
- The Public-Key is located here: ~/.ssh/id_rsa.pub
- Using cPanel, the Public-Key is copied over to the server
- Now the Public-Key is located here on the server: /home/rob/.ssh/id_rsa.pub
- Now the Public-Key is located here on the client: ~/.ssh/id_rsa.pub
- The Public-Key on the server is copied to these files: /home/rob/.ssh/authorized_keys AND /home/rob/.ssh/authorized_keys2


Is this correct so far?
 
Old 07-14-2016, 04:14 PM   #22
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,592

Rep: Reputation: 5880
I've not enabled keys on my hosted server...

Yes. The authorized_keys2 could be a backup if you imported more than once. The private key is only used by the client and the public only used by the host, even though they were created and exist in ~/.ssh/

What might be interesting for you is to enable the ssh server on your Mac, and then you can play with keys and logging in to yourself, which makes you the server and client at the same time.

Last edited by michaelk; 07-14-2016 at 04:23 PM.
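
Added example (not written by any poster in this thread): a Python check that the public key on the client is the one listed in the server's authorized_keys, matched by the SHA256 fingerprint format that `ssh-keygen -l` prints. The key bytes, the comments `rob@laptop` and `other@host`, and the helper names are constructed for illustration; no private key is involved at any point.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def make_blob(key_type, raw_key):
    """Build an SSH wire-format public key blob (two length-prefixed strings)."""
    name = key_type.encode()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key

def fingerprint(blob):
    """SHA256 fingerprint string in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_public_line(line):
    """Return (key_type, blob) for an id_*.pub or authorized_keys line, else None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # leading options such as no-port-forwarding, or a comment line
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            return None
        # The type named in the text must match the type stored inside the blob.
        if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != field.encode():
            return None
        return field, blob
    return None

def is_authorized(client_pub_line, authorized_keys_text):
    """True if the client's public key appears in the server's authorized_keys."""
    client = parse_public_line(client_pub_line)
    if client is None:
        return False
    entries = map(parse_public_line, authorized_keys_text.splitlines())
    return any(e and fingerprint(e[1]) == fingerprint(client[1]) for e in entries)

def sample_pub(raw, comment):
    """Constructed public-key line from placeholder bytes (not a real key)."""
    blob = make_blob("ssh-ed25519", raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

CLIENT_PUB = sample_pub(bytes(range(32)), "rob@laptop")   # stands in for the client's .pub file
AUTHORIZED_KEYS = "\n".join([                             # stands in for the server's authorized_keys
    "# constructed sample file",
    "no-port-forwarding " + sample_pub(bytes(range(1, 33)), "other@host"),
    CLIENT_PUB,
])

if __name__ == "__main__":
    print(fingerprint(parse_public_line(CLIENT_PUB)[1]))
    print("authorized:", is_authorized(CLIENT_PUB, AUTHORIZED_KEYS))
```

The match is on the key blob only, so a different trailing comment or leading options on the server's copy do not affect the result.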
 
Old 07-14-2016, 04:24 PM   #23
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
Quote:
Originally Posted by RobInRockCity View Post
Who said anything about putting the Private Key on the server?
You did.
Quote:
Following that logic, I could technically put my Private Key on the Server and leave my Public Key on my laptop, right?
 
Old 07-14-2016, 04:33 PM   #24
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sgosnell View Post
You did.

Quote:
Originally Posted by robinrockcity
Following that logic, I could technically put my Private Key on the Server and leave my Public Key on my laptop, right?
I said *could*, not did...

More importantly, what value does taking words out of context provide to this thread?

Last edited by RobInRockCity; 07-14-2016 at 04:35 PM.
 
Old 07-14-2016, 04:34 PM   #25
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Can't anybody verify the steps I have in post #21?
 
Old 07-14-2016, 04:40 PM   #26
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,592

Rep: Reputation: 5880
Yes and yes
 
Old 07-14-2016, 05:29 PM   #27
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
How does the actual handshake between client and server work with the Public/Private Key-pair?
 
Old 07-14-2016, 05:56 PM   #29
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Problem is that the 2nd link is an example of all the CRAP on the Internet.

The article says:
Quote:
The mathematical relationship between the public key and the private key allows the public key to encrypt messages that can only be decrypted by the private key. This is a one-way ability, meaning that the public key has no ability to decrypt the messages it writes, nor can it decrypt anything the private key may send it.
The bolded text above is wrong!!

So why believe anything in the article??
 
Old 07-14-2016, 06:07 PM   #30
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Am I to assume that when I SSH in to my server, that the "handshake" between my local machine and the server follows a similar process to how you would send a "digital signature"?

Isn't there a *reliable* source out there (i.e. NOT Digital Ocean) that explicitly talks about each step that happens when you SSH in to a server from a local machine where asymmetric cryptography has already been established?
 
All times are GMT -5.