Key Terminology

Most encryption technologies are based around a system of “keys” that allow information to be encoded and then decoded. The terms “private key”, “public key”, and “host key” are used extensively in Secure Shell communication and can be confusing to those who are new to the terminology. This topic defines these terms and clarifies their use.

Private Key

A private key is one of two keys used in public-key encryption (the other being a public key). The user keeps the private key secret and uses it to encrypt outgoing messages and decrypt incoming messages.

The permissions for the private key should be set so that only the owner has read/write access. This is especially important if the key does not have a passphrase.

Public Key

A public key is one of two keys used in public-key encryption (the other being a private key). The user releases a copy of this key to the public to allow anyone to use it for encrypting messages to be sent to the user and for decrypting messages received from the user.

Public-Key Encryption

A scheme using an asymmetric algorithm to create a pair of keys for encryption: a public key encrypts data, and a corresponding private key decrypts it. In some situations, such as digital signatures, the process is reversed: the sender uses a private key to create a unique number that can be read by anyone who has the corresponding public key. The agreement of the public and private keys verifies that the message is truly from the sender.

Public-Key Authentication

In public-key authentication, public-private key pairs are used to identify a user to an SSH2 server. A user creates both a public and private key, and then transfers a copy of the public key to an SSH2 server to which the user wants secure access. The private key is kept on the user’s local machine and is used to verify the identity of the user when the user attempts to connect to the SSH2 server. The public and private keys must be correct for the server to allow the connection.

Host Key

A host key is the public key in a public-private key pair that is used to identify a server host to a client in SSH2 connections. When a client connects to a server host, the server sends a host key to the client (the server keeps the private key secret). The first time the client connects to a server, the client’s user is asked if they want to save the host key. If the user chooses to save the host key, the client adds the key to its host key database. Each time the client connects to that server, the client expects to receive the same key. If the server sends a different host key, the client is alerted to the fact that there may be a problem, which could be anything from a corrupt key file to a fraudulent server. The client then takes whatever action is required to accept or reject the connection.
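
The host key check described above can be sketched as follows. This is an added example, not code from any SSH client or server: the HostKeyDatabase class, the connect function, the choice to reject a changed key, and the sample key bytes are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    UNKNOWN = "no saved key for this host: ask the user"
    MATCH = "received key equals the saved key"
    CHANGED = "received key differs from the saved key: alert the user"


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 of the public key blob, shown as unpadded base64."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyDatabase:
    """Hypothetical in-memory host key database keyed by (host, port)."""

    def __init__(self):
        self._keys = {}

    def check(self, host, port, key_blob):
        saved = self._keys.get((host.lower(), port))
        if saved is None:
            return Verdict.UNKNOWN
        # Compare the whole key, never a shortened fingerprint.
        same = hmac.compare_digest(saved, key_blob)
        return Verdict.MATCH if same else Verdict.CHANGED

    def save(self, host, port, key_blob):
        self._keys[(host.lower(), port)] = bytes(key_blob)


def connect(db, host, port, key_blob, user_accepts):
    """Return True if the connection may proceed.

    user_accepts(fp) models the first-connection prompt. Assumed policy:
    a changed key is rejected and the saved key is left untouched.
    """
    verdict = db.check(host, port, key_blob)
    if verdict is Verdict.UNKNOWN:
        if not user_accepts(fingerprint(key_blob)):
            return False
        db.save(host, port, key_blob)
        return True
    return verdict is Verdict.MATCH


# Constructed sample key blobs (placeholders, not real host keys).
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"
```
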