In general, you can use two methods for encryption: symmetric and asymmetric encryption. Symmetric encryption is fast, but not so secure. Asymmetric encryption is slower but more secure. In a symmetric key environment, both parties use the same key to encrypt and decrypt messages. In an asymmetric key environment, a public/private key pair is used. The latter is the important technique that is used for SSH.
If asymmetric keys are used, every user needs his own public/private key pair, and every server needs a pair of them as well. Of these keys, the private key must be protected by all means. If the private key gets compromised, the identity of the owner of the private key gets compromised as well. Therefore, a private key ordinarily is stored in a secure place where no one can access it besides the owner of the key. The public key on the contrary is available to everyone.
You can use public/private keys, generally speaking, for two purposes. The first of them is to send encrypted messages. In this scenario, the sender of the message encrypts the message with the public key of the receiver of the message, and the receiver of the message is the only one who can decrypt the message with the matching private key. This scenario requires of course that before sending an encrypted message, you need to have the public key of the person to whom you want to send the message.
The other option is to use public/private keys for authentication or to prove that a message has not changed since it was created. The latter is also known as nonrepudiation. In the example of authentication, the private key generates an encrypted token, the salt. If this salt can be decrypted with the public key of the person who wants to authenticate, then there is enough proof that a server is really dealing with the right person; therefore, access can be granted. This technique requires the public key to be copied to the server before any authentication can happen, however.
Was this article helpful?