December 7, 2008

How OpenSSH Works

When OpenSSH starts a connection, it first establishes an encrypted channel and then authenticates the user. Once these two tasks are completed, OpenSSH allows the two systems to send information back and forth. OpenSSH uses two key pairs to negotiate an encrypted session: a host key pair and a session key pair. The host key pair is a set of public/private keys that is established when you install the openssh-server package.

The first time an OpenSSH client connects to an OpenSSH server, you are asked to verify that you are connected to the correct server. After verification, the client stores a copy of the server's public host key. On subsequent connections, the client compares the key presented by the server with the key it stored originally. Although this test is not foolproof, the next one is quite secure.
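As an added illustration of the first check described above (not code from the original post), here is a small Python model of the client-side comparison: it parses constructed known_hosts entries, including OpenSSH's hashed-hostname form, computes the SHA256 fingerprint a user is asked to verify on first contact, and reports whether an offered host key matches, differs from, or is absent from the stored copy. The host names, salt and key bytes are constructed sample values, not real keys.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': 4-byte big-endian length + payload."""
    return struct.pack(">I", len(data)) + data

def key_blob(key_type: str, raw: bytes) -> bytes:
    """Build the wire-format public key blob that known_hosts stores base64-encoded."""
    return ssh_string(key_type.encode()) + ssh_string(raw)

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts host field: comma-separated names or a hashed |1|salt|hmac entry."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Compare the key a server offers with the copy stored on first contact.
    Returns 'match', 'mismatch' (a stored key of this type differs) or 'unknown'."""
    seen_type = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#") or not host_matches(parts[0], host):
            continue
        if parts[1] != key_type:
            continue
        seen_type = True
        if base64.b64decode(parts[2]) == blob:
            return "match"
    return "mismatch" if seen_type else "unknown"
# Constructed sample data (hypothetical hosts; the 32 bytes stand in for an Ed25519 public key).
SERVER_BLOB = key_blob("ssh-ed25519", bytes(range(32)))
SALT = b"0123456789abcdef0123"  # constructed 20-byte salt for the hashed entry
HASHED_GIT = "|1|%s|%s" % (base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"git.example", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "\n".join([
    "bastion.example,10.0.0.5 ssh-ed25519 " + base64.b64encode(SERVER_BLOB).decode(),
    HASHED_GIT + " ssh-ed25519 " + base64.b64encode(SERVER_BLOB).decode(),
])
print(check_host_key(KNOWN_HOSTS, "bastion.example", "ssh-ed25519", SERVER_BLOB))  # match
```

A "mismatch" result is the case the real client reacts to with its host-key-changed warning; "unknown" is the first-contact prompt where the fingerprint must be verified out of band.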

The client then generates a random key, which it encrypts with both the server's public host key and the session key. The client sends this encrypted key to the server. The server, in turn, uses its private keys to decrypt it. This process yields a key that is known only to the client and the server and is used to encrypt the rest of the session.

