LinuxQuestions.org
Old 11-14-2006, 03:36 AM   #1
StarGhost
LQ Newbie
 
Registered: Sep 2006
Posts: 8

Rep: Reputation: 0
Newbie's question about ssh


Hello,

I've been learning Linux for just 3 weeks, and have now run into some confusion with ssh.

I have a server running Fedora 4; my machine is running Fedora 5. When I looked at /etc/ssh/ I saw the following:

ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_key
ssh_host_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub

I knew that ssh_host_key and its .pub are for sshv1, so no need to care. But about the rest, could anyone show me the difference between dsa and rsa keys, and how important they are, or when do we use dsa keys, and when rsa?

Another issue, when I first ssh to my server, it asked:

The authenticity of host 'my server' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?

Why do we need the RSA key fingerprint, and where is it stored on the machine?

Next issue, after successfully logging in to my server. In theory, the public key of my machine is sent to the server and vice versa (not sure which key it is, rsa or dsa). So I checked ~/.ssh/known_hosts on my machine, and it showed the correct pub key of the server, but when I look at the same file on the server, it does not have an entry for my machine's public key.

Therefore, I'm just wondering where it stored my public key to decrypt my packets during ssh communication, or does it store it in memory and discard it after the ssh communication is terminated?

I'm idiot enough, and hope to have a light out of my brain.

SG.
 
Old 11-14-2006, 03:56 AM   #2
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Rep: Reputation: 30
Hi Starghost,

Welcome to linuxquestions.org


rsa and dsa are encryption algorithms used to create signatures among other uses.

Quote:
Originally Posted by starghost
So I checked for ~/.ssh/known_hosts in my machine, it showed the correct pub key of the server, but when I look at the same file in the server, it does not have the entry for my machine public key.
Server does not store the client's keys

Aniruddha
 
Old 11-14-2006, 04:06 AM   #3
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
DSA (Digital Signature Algorithm) and RSA (Rivest-Shamir-Adleman algorithm) keys are used for digital signing and authentication. RSA is older and faster than DSA, but weaker in terms of security. However, DSA can only be used for signatures, whereas RSA can be used for encryption as well. Think of them as competing brand names - some folk like one and others prefer t'other. A server needs to know about them both - most likely - unless you want to deliberately exclude one brand that is.

OpenSSH only uses these for the authentication stage.

It can help to search the forums:
http://www.linuxquestions.org/questi...ad.php?t=12593
 
Old 11-14-2006, 09:38 AM   #4
StarGhost
LQ Newbie
 
Registered: Sep 2006
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Simon Bridge

OpenSSH only uses these for the authentication stage.
Thanks for your response. As you said, OpenSSH only uses those keys (DSA or RSA) for Authentication, but I thought that the main idea of using public and private keys is for encryption. So what is used for encryption?

Thanks,

SG.
 
Old 11-14-2006, 09:44 AM   #5
dxqcanada
Member
 
Registered: Sep 2006
Location: Canada
Distribution: Gentoo
Posts: 702

Rep: Reputation: 43
Server's public key is given to the client so it can encrypt data going to the Server.

The server and client use this asymmetrical key to encrypt the data to exchange a symmetric key that will be used to encrypt the data for the rest of the session.

(I think ?!?)
 
Old 11-14-2006, 10:45 PM   #6
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
http://www-128.ibm.com/developerwork...ry/l-keyc.html
http://www.linuxforums.org/forum/lin...-security.html
http://www.openssh.org/faq.html
http://www.openssh.com/features.html


OpenSSH uses 3DES, Blowfish, AES and arcfour as encryption algorithms.
 
Old 11-15-2006, 02:15 AM   #7
can2002
LQ Newbie
 
Registered: Apr 2004
Posts: 2

Rep: Reputation: 0
Regarding the question regarding "The authenticity of host 'my server' can't be established." and also what goes in known_hosts, it's important to understand there is no central authority concept in SSH as you get with PKI (e.g. accessing an SSL site, where a certificate has been signed by an authority such as Verisign).

The first time an SSH client connects to an SSH server, the server will present its public key to the client as part of the authentication process. Because the client has never seen that public key before it asks you to verify it by displaying the fingerprint of the key, which you could in theory pass to people out-of-band (e.g. via an e-mail, printout, etc.). Once you accept the fingerprint, the client then stores the public key in ~/.ssh/known_hosts.
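
The first-contact check described in post #7, as an added example (not code from the thread or from OpenSSH): it computes the colon-separated MD5 fingerprint shown in the prompt from post #1 and looks a presented host key up in known_hosts text. The key blobs, the host name `myserver` and the function names are constructed for illustration, and only plain (unhashed) host names are handled.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def sample_blob(modulus: bytes) -> bytes:
    # Constructed, non-functional "ssh-rsa" blob: type, exponent, modulus.
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the key blob, the xx:xx:... form in the prompt."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_known_hosts(text: str) -> dict:
    """Map each plain host name to (key type, key blob)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@", "|")):
            continue  # skip comments, markers and hashed host names
        hosts, keytype, b64 = fields[:3]
        blob = base64.b64decode(b64)
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode() != keytype:
            continue  # declared type disagrees with the blob: ignore the line
        for host in hosts.split(","):
            entries[host] = (keytype, blob)
    return entries

def check_host(text: str, host: str, presented: bytes) -> str:
    """Return 'unknown' (first contact), 'match' or 'changed'."""
    known = parse_known_hosts(text).get(host)
    if known is None:
        return "unknown"  # the client would now show the fingerprint and ask
    return "match" if known[1] == presented else "changed"

def accept(text: str, host: str, keytype: str, blob: bytes) -> str:
    """What answering 'yes' does: append the host key to known_hosts."""
    return text + f"{host} {keytype} {base64.b64encode(blob).decode()}\n"

SERVER_KEY = sample_blob(b"\x00" + b"\xc3" * 128)  # constructed sample
OTHER_KEY = sample_blob(b"\x00" + b"\xa5" * 128)   # constructed sample

if __name__ == "__main__":
    hosts = accept("", "myserver", "ssh-rsa", SERVER_KEY)
    print(check_host("", "myserver", SERVER_KEY), md5_fingerprint(SERVER_KEY))
    print(check_host(hosts, "myserver", SERVER_KEY), check_host(hosts, "myserver", OTHER_KEY))
```

A `changed` result corresponds to the case where the stored key and the presented key differ, which is when the fingerprint should be re-verified out-of-band before connecting.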
 
  

