SOLUTIONS > SSH OVERVIEW > SECURITY BENEFITS
 Send us a question or comment


Read more about VanDyke customers

Legal Notices | Privacy Policy
Site Map | Refund Policy
Copyright © 1995 -
VanDyke Software, Inc.
All rights reserved.

Security Benefits (continued)

Public Key Authentication
Public key authentication is one of the most secure methods to authenticate using Secure Shell. Public key authentication uses a pair of computer generated keys - one public and one private. Each key is usually between 1024 and 2048 bits in length, and appears like the sample below Even though you can see it, it is useless unless you have the corresponding private key:

---- BEGIN SSH2 PUBLIC KEY ----
Subject:
Comment: my public key
AAAAB3NzaC1kc3MAAACBAKoxPsYlv8Nu+fncH2ouLiqkuUNGIJo8iZaHdpDABAvCvLZn
jFPUN+SGPtzP9XtW++2q8khlapMUVJS0OyFWgl0ROZwZDApr2olQK+vNsUC6ZwuUDRPV
fYaqFCHrjzNBHqgmZV9qBtngYD19fGcpaq1xvHgKJFtPeQOPaG3Gt64FAAAAFQCJfkGZ
e3alvQDU8L1AVebTUFi8OwAAAIBk9ZqNG1XQizw4ValQXREczlIN946Te/1pKUZpau3W
iiDAxTFlK8FdE2714pSV3NVkWC4xlQ3x7wa6AUXIhPdLKtiUhTxtctm1epPQS+RZKrRI
XjwKL71EO7UY+b8EOAC2jBNIRtYRy0Kxsp/NQ0YYzJPfn7bqhZvWC7uiC+D+ZwAAAIEA
mx0ZYo5jENA0IinXGpc6pYH18ywZ8CCI2QtPeSGP4OxxOusNdPskqBTe5wHjsZSiQr1g
b7TCmH8Tr50Zx+EJ/XGBU4XoWBJDifP/6Bwryejo3wwjh9d4gchaoZNvIXuHTCYLNPFo
RKPx3cBXHJZ27khllsjzta53BxLppfk6TtQ=
---- END SSH2 PUBLIC KEY ----

Public-private keys are typically created using a key generation utility. Both keys in the pair are generated at the same time and, while the two are related, a private key cannot be computed from a corresponding public key. In addition to authentication, keys can also be used to sign data. To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private counterpart to the public key on that server, and access is granted.

The private key never leaves the client machine, and therefore cannot be stolen or guessed like a password can. Usually the private key has a "passphrase" associated with it, so even if the private key is stolen, the attacker must still guess the passphrase in order to gain access. Public key authentication does not trust any information from a client or allow any access until the client can prove it has the "secret" private key.

<< Security Benefits