Key Terminology
Most encryption The process of converting a data transmission into a secret format that cannot easily be read by unauthorized individuals. See also: decryption. technologies are based around a system of “keys” that allow information to be encoded and then decoded. The terms “private key”, “public key”, and “host key” are used extensively in SSH SSH is an acronym for the Secure Shell protocol. A communications protocol used to encrypt network traffic between a client and a server. communication and can be confusing to those who are new to the terminology. This topic hopes to define and clarify these terms and their use.
A private key is one of two keys used in public-key encryption (the other being a public key). The user keeps the private key secret and uses it to encrypt outgoing messages and decrypt incoming messages.
The permissions for the private key should be set so that only the owner has read/write access. This is especially important if the key does not have a passphrase.
A public key is one of two keys used in public-key encryption (the other being a private key). The user releases a copy of this key to the public to allow anyone to use it for encrypting messages to be sent to the user and for decrypting messages received from the user.
A scheme using an asymmetric algorithm to create a pair of keys for encryption: a public key encrypts data, and a corresponding private key decrypts it. In some situations, such as digital signatures, the process is reversed: the sender uses a private key to create a unique number that can be read by anyone who has the corresponding public key. The agreement of the public and private keys verifies that the message is truly from the sender.
In public-key authentication The process of verifying that an individual truly is who he or she claims to be. Supplying a password is a very common method of authentication. The most secure method of authentication supported in SecureCRT is public-key authentication. See also: identity file, public-private key pair. , public-private key pairs are used to identify a user to an SSH2 The second version of the SSH protocol which provides a way to encrypt network traffic between a client and a server, with a slightly different set of security features than the SSH1 protocol provides. server A computer program that provides services to other computer programs (called clients). Often the computer on which a server program runs is also called a server. The term host is often used as a synonym for server. . A user creates both a public and private key, and then transfers a copy of the public key to an SSH2 server to which the user wants secure access. The private key is kept on the user’s local machine and is used to verify the identity of the user when the user attempts to connect to the SSH2 server. The public and private keys must be correct for the server to allow the connection A data path or circuit between two computers over a phone line, network cable, or other means. .
A host key is the public key in a public-private key pair A pair of keys used with RSA or DSA authentication. The public key is usually kept in a file named Identity.pub, which is then transferred to the remote SSH server and appended to the user's authorized_keys file. Another file usually named identity contains both the public key and the corresponding private key. This file is kept on the local machine and is used by SecureCRT with public key or RSA authentication methods. that is used to identify a server host to a client A computer or application that uses services provided by a server. in SSH2 connections. When a client connects to a server host, the server sends a host key to the client (the server keeps the private key secret). The first time the client connects to a server, the client’s user is asked if they want to save the host key. If the user chooses to save the host key, the client adds the key to its host key database. Each time the client connects to that server, the client expects to receive the same key. If the server sends a different host key, the client is alerted to the fact that there may be a problem, which could be anything from a corrupt key file to a fraudulent server. The client then takes whatever action that is required to accept or reject the connection. Also see "Accepting a Host Key" and Global Options/SSH2 Host Keys.