SSH is a popular system allowing a remote shell (command interpreter) to be used over a secure connection. By secure, here, I mean that the connection is encrypted, authenticated and integrity checked. The encryption prevents attackers reading the contents of the data being transmitted, the authentication allows both the client and the server to be sure that they are connected to the other, and not to some intermediate system in a man-in-the-middle attack, and the integrity checking ensures that the data is not being changed during transit. Together, these three features provide a secure connection.
Even so, the password based login feature transmits your password through this link, to the remote server, where it is hashed and compared with the stored value in the password file. To many, even though the connection is encrypted, this is not satisfactory. SSH allows the use of public key authentication to login to a server. Here, you upload your public key to the server, and keep your private key on the client machine, optionally password protected so that no one can steal your private key file and use it to gain access without a password.
Now, when the SSH connection is established, the server will need to check the authentication of the client; that is, make sure it is you logging in. This was previously done by requesting your password, and comparing it against the stored password hash. Now, the server encrypts a randomly generated token against your public key, and sends this to you. The private key associated with your public key, stored in a file to which only you have access, either by password protection, filesystem permissions or other means, is the only key able to decrypt this message. Now, your SSH client will decrypt the message and send it back to the server, which compares it against the original value. In reality, the authentication is often also checked in the opposite direction, using the servers public key, which may be stored by the client. Once the server knows you hold the private key which corresponds to the public key, it grants you access.
So, you may ask, what is the security benefit here? Well, no secret information is being transmitted. You are no longer transmitting a password, nor are you transmitting any of your private key file. You are using the keys to encrypt and decrypt a piece of random data, which works one time only. Anyone who did somehow manage to listen in on this data stream would not be able to regain access by playing back your password, or even by playing back the same data transaction, as a different value would be encrypted the next time you login, and only the private key itself can decrypt that.
Public Key authentication is supported in OpenSSH, and also in PuTTY and many other SSH systems. Check your systems documentation for details on how to use public-key based logins.
Article Source: http://www.BharatBhasha.com
Article Url: http://www.bharatbhasha.com/technology.php/42261
Article Added on Monday, May 8, 2006
| Other Articles related to "Public Key SSH Login" by Bryce Whitty | |
Secure E Mail With Google GMail
This is something Ive set up myself, recently, to send mail through Gmail without having the unencrypted e-mail stored on their servers.To achieve this, youll need a Google GMail account, PGP or GnuPG, Mozilla Thunderbird, and the Enigmail extension.
First, set your Gmail account to allow POP3 access. This can be set in your mail settings within the web interface. The Gmail system will tell you the settings you need to make in Thunderbird in order to use this.
Next, get Thunderbird and...
Google Friend or Foe
Dont get me wrong, almost all of us love Google to death. It has single-handedly changed the direction of this entire industry to something that is accessible for everyone. However, while Google is the darling poster child of Wall Street and the general public, there lurks a danger of abuse. We will cover this in a bit, but first lets look at a few years ago when the World Wide Web was still a novel concept.
We had a handful of methods of finding information. They were so-called search...
|
| Articles In LimeLight | Stuck With Commercial Real Estate Property?
By Kim Lee Added on Sunday, April 27, 2008
Age New Spirituality - Inspirational Stories ( Part 50 )
By Vish Writer / Swami Vivekananda Added on Sunday, May 4, 2008
Bankruptcy Help Is Available To You
By Legal Helpers Added on Sunday, May 4, 2008
The Marc Jacobs Handbag - Make A Great Gift
By Tori A Hewitt Added on Sunday, May 4, 2008
Home Purchase Possibility After Bankruptcy
By Legal Helpers Added on Saturday, May 3, 2008
The 4 Steps To Credit Card Debt Negotiation
By Ted Batron Added on Saturday, May 3, 2008
Stair Railings An Their Many Uses
By Mr.Andrew Caxton Added on Sunday, May 4, 2008
Adding A Kitchen Rug To Protect Your Flooring
By John James Added on Wednesday, April 30, 2008
Cheap Car Finance At Your Fingertips
By Louis Rix Added on Sunday, April 20, 2008
Retractable Awnings Make Backyard Deck Great Place For Resting In Summer
By Markus Skupeika Added on Saturday, April 26, 2008
Sending Traffic To Your List Building Page, Part 5: SEO 1-2-3
By Tellman H. Knudson Added on Sunday, May 4, 2008
The Importance Of Sleep After A Sleepless Night
By Gary M. Miller Added on Friday, April 25, 2008
Professional Resume Example
By Mario Churchill Added on Monday, May 5, 2008
The Ins And Outs Of Jenna Jameson's Relationships
By Shlomo Tommer Added on Saturday, May 3, 2008
Becoming A Zeolite Distributor
By Zachary Thompson Added on Saturday, April 19, 2008
Discounted Life Insurance
By David Thomson Added on Thursday, April 24, 2008
Finding The Best Candy Making Supply Company
By IPRWire Staff Writer Added on Friday, April 18, 2008
Mortgage Protection Insurance Or Straight Term Life, Which Is Best For You!
By Christopher D. Beard Added on Monday, May 5, 2008
Understanding Employee Motivation
By Bertil Hjert Added on Friday, April 25, 2008
Bad Credit Car Loans - Things You Should Know Before You Apply
By Carrie Reeder Added on Sunday, May 4, 2008
|
| |
| About Author Bryce Whitty : |
|
Bryce Whitty owns and runs <a target="_blank" href="http://www.technibble.com">computer repair website called
<a target="_blank" href="http://www.technibble.com">Technibble.com. A website that provides technical how-tos for repairing your computer. Technibble also has many guides for getting into the
<a target="_blank" href="http://www.technibble.com">computer business or managing your existing one. We also cover other side topics such as Security and Software.
| |
|
