Old 05-18-2015, 12:26 PM   #1
LQ Newbie
Registered: Apr 2006
Posts: 7

Rep: Reputation: 0
Understanding SSH and Key Pairs

I'm studying for my LPIC exam and I'm trying to completely understand how SSH and key pairs work. I'm starting to wrap my head around it, but there is one piece which is fuzzy to me.

When a client connects to a server for the first time using SSH, I know that the client will prompt that the authenticity of the host can't be established. If you agree to connect anyway, the server's hostname, encryption type and public key are added to the client's "known_hosts" file. Next time, it won't prompt.

I get that much, but what exactly is happening? That first time I connect, I know that the public key is sent, but when you connect again going forward, does the server simply send the public key again and the client compares it to the data in the known_hosts file every time, OR does it actually use the server's public key to decrypt a digital signature of sorts sent by the server (which was encrypted using the server's public key) in order to establish the authenticity of the host?

Sorry if this question is a bit confusing. Let me know if I need to clarify.


Last edited by azurepancake; 05-18-2015 at 12:35 PM.
Old 05-19-2015, 05:07 AM   #2
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,108

Rep: Reputation: 7138
First read these documents and ask if something is still unclear
Old 05-21-2015, 03:59 PM   #3
Senior Member
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Debian
Posts: 1,016

Rep: Reputation: 308
Hmm, I think this thread is more to the point for what you are asking.

Especially this part here:
One of the first things that happens when the SSH connection is being established is that the server sends its public key to the client, and proves (thanks to public-key cryptography) to the client that it knows the associated private key.
To me this means that yes, the server actually must prove that it owns the private key associated with the public key you are sending to him...
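
The two checks discussed in this thread, as an added example that is not part of any post: a simplified Python model in which the client both compares the presented host key with its known_hosts entry and verifies the server's signature over the session's exchange hash. Textbook RSA with toy parameters stands in for the real host-key signature algorithm, a dict stands in for the known_hosts file, and all host names and values are constructed.

```python
import hashlib

# Toy host key (constructed): textbook RSA over two Mersenne primes.
# Far too small and unpadded for real use; it only models sign/verify.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server
HOST_PUBLIC_KEY = (N, E)

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def server_sign(exchange_hash: bytes) -> int:
    """Server side: sign this session's exchange hash with the private key."""
    return pow(digest_int(exchange_hash), D, N)

def client_check(host, presented_key, signature, exchange_hash, known_hosts):
    """Client side: return 'unknown', 'changed', 'bad-signature' or 'ok'."""
    pinned = known_hosts.get(host)
    if pinned is None:
        return "unknown"        # first contact: the authenticity prompt
    if pinned != presented_key:
        return "changed"        # key differs from the known_hosts entry
    n, e = presented_key
    if pow(signature, e, n) != digest_int(exchange_hash):
        return "bad-signature"  # sender does not hold the private key
    return "ok"

def demo():
    known_hosts = {"server.example": HOST_PUBLIC_KEY}  # constructed entry
    h1, h2 = b"exchange hash, session 1", b"exchange hash, session 2"
    sig1 = server_sign(h1)
    return {
        "first contact": client_check("new.example", HOST_PUBLIC_KEY, sig1, h1, known_hosts),
        "genuine server": client_check("server.example", HOST_PUBLIC_KEY, sig1, h1, known_hosts),
        # The public key is not secret, so anyone can present it. A signature
        # captured from session 1 does not verify for session 2's hash.
        "replayed signature": client_check("server.example", HOST_PUBLIC_KEY, sig1, h2, known_hosts),
        "different key": client_check("server.example", (N + 2, E), sig1, h1, known_hosts),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model a matching key alone is not enough: the comparison with the pinned entry says which key to expect, and the signature over a per-session value shows that the peer holds the matching private key.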

