Secure Shell - Key Management

Key Management

On Unix-like systems, the list of authorized keys is stored in the home directory of the user who is allowed to log in remotely, in the file ~/.ssh/authorized_keys. ssh respects this file only if it is not writable by anything apart from the owner and root. When the public key is present on one side and the matching private key is present on the other side, typing in the password is no longer required (some software, such as an MPI stack, may need this password-less access to run properly). However, for additional security, the private key itself can be locked with a passphrase.
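The writability rule above can be checked before relying on a key file. The following is an added example, not code from the original page or from OpenSSH; the function name audit_authorized_keys is hypothetical, and extending the check to the .ssh and home directories is an assumption that goes beyond the sentence above, on the grounds that a writable parent directory lets the file be replaced.

```python
import os
import stat
import sys
from pathlib import Path


def audit_authorized_keys(home, uid=None):
    """Return a list of findings; an empty list means the checks passed."""
    home = Path(home)
    uid = os.getuid() if uid is None else uid
    key_file = home / ".ssh" / "authorized_keys"
    if not key_file.is_file():
        return [f"{key_file}: not found"]

    findings = []
    # The file itself, then the directories through which it could be replaced
    # (checking the directories is an assumption of this example).
    for path in (key_file, key_file.parent, home):
        st = path.stat()
        # Only the account owner or root (uid 0) may own the path.
        if st.st_uid not in (uid, 0):
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or root")
        # Any group or world write bit means someone else can modify it.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{path}: mode {mode:04o} is group- or world-writable")
    return findings


if __name__ == "__main__":
    # Audit the home directory given as the first argument, or the current user's.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home()
    results = audit_authorized_keys(target)
    for line in results:
        print("FAIL", line)
    if not results:
        print("OK: authorized_keys and its parent directories are not writable by others")
    sys.exit(1 if results else 0)
```

A finding on the file is typically cleared with chmod 600 ~/.ssh/authorized_keys, and one on the directory with chmod 700 ~/.ssh.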

The private key is looked for in standard places, but its full path can also be specified as a command-line setting (the switch -i for ssh). The ssh-keygen utility produces the public and private keys, always in pairs.

SSH also supports password-based authentication that is encrypted by automatically generated keys. In this case, an attacker could imitate the legitimate side, ask for the password, and obtain it (man-in-the-middle attack). However, this is only possible if the two sides have never authenticated before, as SSH remembers the key that the remote side once used. Password authentication can be disabled.
