Hi,
I know the �/etc/ssh� directory is for the ssh daemon and the �~/.ssh� directory is for a particular user.
Both directories contain private and public keys: (see the attachment)
but what is the difference between those keys in both directories? I'm confused because the ones i use as a user, is in my home directory ~/.ssh, and what are the roles of the keys found in /etc/ssh ? for what purpose are they created for ?
Thanks.
The files in /etc/ssh are for the service on the server you are connecting to. it uses them to listen and exchanges keys with the client session so that the data is encrypted.
Your personal keys (as you know in ~/.ssh) provide the reverse.
When you request a connection (before signing on or anything) the server listening (default on port 22) will pass you its public key for the server. This key enables you to encrypt traffic that only the server can decrypt. You can also use this public key to verify that you have connected to the correct server. The first time, you open a connection, you will be asked to confirm the key provided by the server. If you accept, this is stored in ~/.ssh/knwon_hosts so that you can be sure you are connecting the the same server on a later occasion.
See this article for more information - 17.3. Event Sequence of an SSH Connection
I hope that this helps. If not, feel free to ask again.
Kind regards,
Robin
Oh ok. Now i get it. When i try to connect to a server, the server will send me its public key from/etc/ssh. But what is the purpose of the keys from ~/.ssh ? It seems like they are not used.
Here's the scenerio:
I have two virtual machines open side by side - Server_A and Server_B. I tried to access Server_B from Server_A. Now Server_B will send me its public key from /etc/ssh.
Now the public key of Server_B will be in ~/.ssh/known_hosts file.
Again the keys found in my ~/.ssh directory are not used. I just don't get it.
---------- Post updated at 10:51 PM ---------- Previous update was at 09:45 PM ----------
I did some research, and i've found that if i try to connect to a server with the private and public keys from my ~/.ssh directory i have to copy the public key to server's authorized_keys file (using either ssh-copy-id or scp). Is that correct ?
The next connection will compare the server's public host key with the one in known_hosts.
If different it will warn "host key changed, perhaps a man-in-the-middle attack".
--
To complete your confusion, there is also an optional /etc/ssh/known_hosts. Here the administrator can store public host keys that are valid for all the users on the system, so they do not need to store them in their ~/.ssh/known_hosts.
--
Extra user keys that you put in ~/.ssh/ can be used to replace a password login (enabling a password-less login). The accepted public user keys are stored on the accessing side in ~/ssh/authorized_key (or ~/ssh/authorized_key2, dependent on the ssh version).
~/.ssh/known_hosts is used by the client alone, to identify servers the client has connected to before.
~/.ssh/authorized_keys is used by the server being connected to, when you ssh into that user using a key. So in that sense it's still a client setting, though it's the server which must read it.
~/.ssh/id_rsa, ~/.ssh/id_rsa etc are used by a client when connecting to a server. That is the file which the server you're connecting to recognizes via the other end's ~/.ssh/authorized_keys . There's various kinds of possible keys, some obsolete, some modern, so there's actually a few different names ssh will use by default there.
I'm sure there's other things which may end up in ~/.ssh/ also. It's a place for client settings, not something simple and single-purpose.
It all make sense now. Thank you everyone.