Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
using the password authentication (i do not have private or public key),then after authentication the traffic will be encrypted before to be sent over the network?
lelunicu, you need to go and read a book, online documentation, all this information has been written down, and in far more detail. This is going to be my last post on this thread.
With SSH, everything is encrypted. The major difference between pki and passwords is your password is sent over the network. Your private key never is. To say that there is no public/private key for SSH is wrong. The server always has a private key and corresponding public key. The part that is optional is whether the user has a public/private key pair.
If the user doesn't have a public key, then the server can't determine authenticity and relies on a different mechanism, however the user can always determine authenticity of the server. Do you ever recall connecting to a server for the first time and being told that it's unknown and if you want to add some information to a known_hosts file?
SSH doesn't use certs because its assumed that the person/system who claims the public key is theirs is the person/system you think it is validated when the keys are exchanged. With HTTPS certs are needed because you aren't going to go to Silicon Valley and go to each of Facebook, Microsoft, Redhat, Google, etc offices, collecting public keys.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.