Solaris

Hi Gurus,

I need some help and explanation of SSH.

Q1)What is the difference between a Private key and Public key .What is their role in SSH.
Q2)I was trying to ssh to server B from Server A from user xyz.
#server A : ssh server B It popped up the following messages
Warning: Permanently added 'server B ,192.168.2.101' (RSA) to the list of known hosts . What does that mean .
Q3) What is the difference between known_hosts file and Authorized keys file.
Q4) How does password less ssh work.

I know too many Questions .

Thanks in Advance

The exact details of how it works are pretty obscure, but the fundamental idea behind public/private keys is that the keys are related but separate. When you encrypt a message using your public key, you have to use your private key to decrypt it.

This makes it safe to hand out your public key. If anyone intercepts it, who cares? They can't decrypt any of your traffic with it.

You can also do the opposite, I think; create a message, using your private key, which is decrypted using your public key. You can use this to verify that a message came from you -- anyone with your freely-given public key can decrypt it, but only the private key could have made it. ssh keeps a list of what hosts have what unique identifications. If anyone spoofs being that host to try and sniff your password or something, you'll be warned and ssh will refuse to connect. And if you're connecting to a server for the very first time, you have an opportunity to see if its identification is legit before you do so (usually pointless unless you've been told what ID to expect).

known_hosts is just the hosts it knows, as explained above.

authorized_keys is a list of public keys which are allowed to log in without a password. You append your public key to the ~/.ssh/authorized_keys file on the host you want to log in to, and that's it. sshd checks it itself when people try to log in with the key. You'll need to actually have a set of keys ready to use, of course.

File permissions and such are important and easy to mess up, so I usually use ssh-copy-id to make sure it's done properly. just ssh-copy-id username@host much like you'd run ssh itself.