Guruhowtos

Data encryption is accomplished by using special mathematical equations to scramble the bits in a data stream to make it unreadable to anyone who does not have access to the corresponding decryption equation. The process is usually made even harder through the use of an encryption key that is used to modify the way the equations do the scrambling. You can recover the original data only if you have access to this key and the corresponding programs. Data encryption helps to prevent unauthorized users from having access to the data.

SSH uses the concept of randomly generated private and public keys to do its encryption. The keys are usually created only once, but you have the option of regenerating them should they become compromised.

A successful exchange of encrypted data requires the receiver to have a copy of the sender’s public key beforehand. Here’s how it’s done with SSH.

When you log into an SSH server, you are prompted as to whether you want to accept the download of the server’s public key before you can proceed. The SSH client’s key is uploaded to the server at the same time. This creates a situation in which the computers at each end of the SSH connection have each other’s keys and are able to decrypt the data sent from the other end of the encrypted link or “tunnel”.

All the public keys that an SSH client’s Linux user encounters are stored in a file named ~/.ssh/known_hosts along with the IP address that provided it. If a key and IP address no longer match, then SSH knows that something is wrong. For example, reinstalling the operating system or upgrading the SSH application might regenerate the keys. Of course, keys changes can be caused by someone trying some sort of cyber attack, as well. Always investigate changes to be safe. Your server’s own public and private SSH keys are stored in the /etc/ssh/ directory.

Note: The .ssh directory is a hidden directory, as are all files and directories whose names begin with a period. The ls -a command lists all normal and hidden files in a directory. The ~/ notation is a universally accepted way of referring to your home directory and is recognized by all Linux commands.

Linux uses other key files also to provide the capability of password-less logins and file copying to remote servers using SSH and SCP. In this case, the SSH connection is established, then the client automatically sends its public key which the server uses to match against a predefined list in the user’s directory. If there is a match then the login is authorized. These files are also stored in your ~/.ssh directory and need to be specially generated. The id_dsa and id_dsa.pub files are your private and public keys respectively, and authorized_keys stores all the authorized public keys from remote hosts that may log into your account without the need for passwords (more on this later).