Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-20-2019, 09:09 AM   #16
Registered: Jun 2019
Posts: 37

Original Poster
Rep: Reputation: Disabled

using the password authentication (i do not have private or public key),then after authentication the traffic will be encrypted before to be sent over the network?
Old 08-20-2019, 10:22 AM   #17
Senior Member
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,389
Blog Entries: 9

Rep: Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894Reputation: 1894
I don't know. This is getting beyond me. Find someone more knowledgeable.
Old 08-20-2019, 04:11 PM   #18
Senior Member
Registered: Oct 2004
Posts: 1,259

Rep: Reputation: 133Reputation: 133
lelunicu, you need to go and read a book, online documentation, all this information has been written down, and in far more detail. This is going to be my last post on this thread.

With SSH, everything is encrypted. The major difference between pki and passwords is your password is sent over the network. Your private key never is. To say that there is no public/private key for SSH is wrong. The server always has a private key and corresponding public key. The part that is optional is whether the user has a public/private key pair.

If the user doesn't have a public key, then the server can't determine authenticity and relies on a different mechanism, however the user can always determine authenticity of the server. Do you ever recall connecting to a server for the first time and being told that it's unknown and if you want to add some information to a known_hosts file?

SSH doesn't use certs because its assumed that the person/system who claims the public key is theirs is the person/system you think it is validated when the keys are exchanged. With HTTPS certs are needed because you aren't going to go to Silicon Valley and go to each of Facebook, Microsoft, Redhat, Google, etc offices, collecting public keys.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to run PKI Gins Linux - General 2 01-17-2007 12:45 PM
PKI implementation amsri Linux - Networking 0 01-24-2006 07:49 AM
PKI Enabled FTP Client elvinyup Linux - Software 0 09-20-2005 02:31 AM
PKI implementation on Red Hat Linux Fedora 3.0 fauzie Linux - Networking 4 01-14-2005 10:01 PM
Pki subban Linux - Enterprise 1 12-19-2004 04:02 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:41 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration