Home
Advertising
Advice
Affiliate Programs
Arts And Crafts
Auto
Business And Finance
Careers
Communication
Computers and internet
Consumer
Copywriting
Crime
Domain Names
Ebooks
Ecommerce
Education
Email
Entertainment
Environment
Family
Fitness
Food
Gardening
Hobbies
Home improvement
Home_business
House_hold
Humour
Kids
Legal
Mail_order
Management
Marketing
Marriage
MetaPhysical
Miscellaneous
Motivational
MultiMedia
Multi_level
Newsletters
Online Business
Parenting
Pets
Politics
Psychology
Real Estate
Religion
Sales
Science
Self Improvement
SEOptimization
Site Promotion
Sports
Technology
Travel
Web Designing
Web Hosting
WeightLoss
Women
Writing
Tell A Friend
 

Search through all the articles:
Get Our FREE 6 Day Mini-eCourse On How You Can Start Making Your Living Online.
First Name: Last Name:
Email Address:

Public-Key SSH Login

SSH is a popular system allowing a remote shell (command interpreter) to be used over a secure connection. By secure, here, I mean that the connection is encrypted, authenticated and integrity checked. The encryption prevents attackers reading the contents of the data being transmitted, the authentication allows both the client and the server to be sure that they are connected to the other, and not to some intermediate system in a man-in-the-middle attack, and the integrity checking ensures that the data is not being changed during transit. Together, these three features provide a secure connection.

Even so, the password based login feature transmits your password through this link, to the remote server, where it is hashed and compared with the stored value in the password file. To many, even though the connection is encrypted, this is not satisfactory. SSH allows the use of public key authentication to login to a server. Here, you upload your public key to the server, and keep your private key on the client machine, optionally password protected so that no one can steal your private key file and use it to gain access without a password.

Now, when the SSH connection is established, the server will need to check the authentication of the client; that is, make sure it is you logging in. This was previously done by requesting your password, and comparing it against the stored password hash. Now, the server encrypts a randomly generated token against your public key, and sends this to you. The private key associated with your public key, stored in a file to which only you have access, either by password protection, filesystem permissions or other means, is the only key able to decrypt this message. Now, your SSH client will decrypt the message and send it back to the server, which compares it against the original value. In reality, the authentication is often also checked in the opposite direction, using the server’s public key, which may be stored by the client. Once the server knows you hold the private key which corresponds to the public key, it grants you access.

So, you may ask, what is the security benefit here? Well, no secret information is being transmitted. You are no longer transmitting a password, nor are you transmitting any of your private key file. You are using the keys to encrypt and decrypt a piece of random data, which works one time only. Anyone who did somehow manage to listen in on this data stream would not be able to regain access by playing back your password, or even by playing back the same data transaction, as a different value would be encrypted the next time you login, and only the private key itself can decrypt that.

Public Key authentication is supported in OpenSSH, and also in PuTTY and many other SSH systems. Check your systems documentation for details on how to use public-key based logins.



Bryce Whitty owns and runs <a target="_blank" href="http://www.technibble.com">computer repair website called <a target="_blank" href="http://www.technibble.com">Technibble.com. A website that provides technical how-to’s for repairing your computer. Technibble also has many guides for getting into the <a target="_blank" href="http://www.technibble.com">computer business or managing your existing one. We also cover other side topics such as Security and Software.

Article Source: http://www.newarticlesdaily.com

Article Added on Monday, May 8, 2006
Other Articles related to "Public-Key SSH Login" by Bryce Whitty

Secure E-Mail With Google GMail
This is something I’ve set up myself, recently, to send mail through Gmail without having the unencrypted e-mail stored on their servers.To achieve this, you’ll need a Google GMail account, PGP or GnuPG, Mozilla Thunderbird, and the Enigmail extension. First, set your Gmail account to allow POP3 access. This can be set in your mail settings within the web interface. The Gmail system will tell you the settings you need to make in Thunderbird in order to use this. Next, get Thunderbird and...

Google: Friend or Foe?
Don’t get me wrong, almost all of us love Google to death. It has single-handedly changed the direction of this entire industry to something that is accessible for everyone. However, while Google is the darling poster child of Wall Street and the general public, there lurks a danger of abuse. We will cover this in a bit, but first let’s look at a few years ago when the World Wide Web was still a novel concept. We had a handful of methods of finding information. They were so-called search...

Related Articles:
    Latest Articles: