SSH keys: which is for whom and where are they supposed to live?


This Content is from SuperUser. Question asked by Jeeves Loan 007

Having read about SSH key generation and installation, I am very confused by the idea, which I might have mistakenly gathered from all of the information: it is that a private key leaves the system on which it has been generated.

I will lay out my understanding. Please correct me where I am wrong:

  1. On a host where SSH server runs I run ssh-keygen, and it generates id-rsa and for the current user.
  2. That current user becomes enabled for a remote login authenticated by the keys generated in #1.
  3. I take id-rsa from #1 and plop it onto the filesystem of a host where an SSH client runs.
  4. I register the file from #3 in an SSH client.

This sounds different from traditional asymmetric key encryption, where a private key never leaves the system that does the decryption. Why is there only one private key and why does it need to be installed both on a server and on a client? And in which software, the SSH server or the SSH client, is the public key used?


This question and answer are collected from SuperUser and are licensed under the terms of CC BY-SA 2.5 - CC BY-SA 3.0 - CC BY-SA 4.0.
