HP TCP/IP Services for OpenVMS Guide to SSH

Introduction to Keys 



SSH uses public-key cryptography to verify the identity of hosts as well as the identity of individual users. Public-key cryptography uses a pair of mathematically related keys. One key is public and is distributed to anyone who wants it; the other key is private and is known only to the owner. When a message is encrypted with a public key, it can be decrypted using only the private key.

Host Keys 

The SSH host public and private keys are asymmetric keys that distinguish and identify hosts. When the SSH client is establishing a connection with the SSH server, the keys are used in two places:

Host keys are created either during TCP/IP configuration by the TCPIP$CONFIG.COM command procedure or manually by a system manager.


Note: OpenVMS SSH is configured with a single SSH service listening port (22) and a single host key. All incarnations of the SSH server process use the same host key.

User Keys 

Public-key authentication requires that a user have a pair of keys consisting of a public key and a private key. The public key is published and distributed, or copied, to all the SSH servers with which the user communicates. The private key is kept on the local SSH client and is never revealed to anyone except the key's owner.

As a user, your private and public keys are not the same as the server's private host key and public host key. The user's keys are used during public-key authentication, as described in Chapter 3, which requires that a user have personal public and private keys. The user creates the public-private key pair by using the key generation utility.

Generating Keys 

Keys are generated by using the SSH_KEYGEN utility, as described in Chapter 5. SSH_KEYGEN generates both user keys and host keys. For each key, the SSH_KEYGEN utility generates a pair of files: one with a public key and one with a private key. These files are used by cryptographic algorithms.

Managing User Keys 

A user might need several keys, even hundreds of keys. For example, you may use one for each remote server to which you connect, or one for each account on a remote server. The following utilities are available to help manage multiple keys:

For more information about these utilities, see Chapter 5.

