Re: ssh private and public keys known_host etc...



SpreadTooThin wrote:
Under my user account there is a .ssh sub directory with a known_hosts
file.

My question is on the process of generating the private / public keys
and storing them in the .ssh directory.

If I generate the key file do I generate it on the host I want to ssh
to or on the host I am ssh'ing from?

Both methods should work. But I would prefer to generate the key on the
local host (the one I am ssh'ing from). Simple reason: You have to
transport the _public_ key to the remote box in this case. That is no
problem. If you generate the keys on the remote host, you have to transport
the private key to the local host. This might be a security problem.



ssh-keygen -b 1024 -t dsa -f mykey

Is the pass phrase that is requested the ssh password that I log into
the server with?

The private key is on localhost, the pubkey on the remote host. The passphrase
you are asked for is the passphrase to use the private key.


There are two files that are generated by this command, one I believe
is the private key and the other the public key. So do I give the
public key to people who I want to give access to?

~/.ssh/id_dsa is the private key. Don't give it away to anyone.
~/.ssh/id_dsa.pub is the public key. Anyone may know this key. You can
connect to users that have this key in their ~/.ssh/authorized_keys.

But: Everyone who has your private key (and knows the passphrase) can
connect to these users.


Then the public add the public key file to the known_hosts file?

The ~/.ssh/known_hosts file identifies hosts you have connected to. It
prevents man-in-the-middle attacks.


Correct?

No. You could read man ssh and man sshd.


TIA.
B.

Wolfgang
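
Added example, not part of the thread: a shell helper for the step described above, where only the public key goes into the remote account's ~/.ssh/authorized_keys. The function name install_pubkey, the demo paths and the sample key line are assumptions made up for this illustration; the list of accepted key types is not exhaustive.

```shell
#!/bin/sh
# Hypothetical helper (added example): install a PUBLIC key into
# ACCOUNT_HOME/.ssh/authorized_keys and refuse anything that is a private key.
# usage: install_pubkey PUBKEY_FILE ACCOUNT_HOME
install_pubkey() {
    pub=$1
    dir=$2/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Private key files carry a "... PRIVATE KEY" header line.
    # They stay on the client and are never installed anywhere.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 1
    fi

    # A public key is a single line: "<type> <base64 blob> [comment]".
    line=$(head -n 1 "$pub")
    case $line in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores authorized_keys when the directory or the
    # file is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2

    # Append only if this exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Constructed demonstration: run the script with the argument "demo".
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    # Constructed placeholder line, not a usable key.
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedPlaceholder user@client' \
        > "$tmp/id_ed25519.pub"
    install_pubkey "$tmp/id_ed25519.pub" "$tmp/remote_home" &&
        cat "$tmp/remote_home/.ssh/authorized_keys"
    rm -rf "$tmp"
fi
```

The known_hosts file is not touched here: the ssh client fills it with host keys of servers it connects to, while authorized_keys holds user public keys on the server side.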