Working with Public/Private Key Pairs

The essence of SSH is the public/private key pair. By default, the client tries to authenticate using RSA/DSA key pairs. To make this work, the client first gets the public key of the server to establish a secure session; this happens automatically. Next, the server must get the public key of the client, which is something that has to be configured by hand. (Later in the "Using Key-Based Authentication" section you'll find more information about this procedure.) When the client has a public/private key pair, it will generate an encrypted string with its private key. If the server is able to decrypt this string using the public key of the client, the identity of the client is proved.

When using public/private key pairs, you can configure different aspects of the encryption. First, the user needs to determine what cryptographic algorithm he wants to use. For this purpose, he can choose between RSA and DSA; the latter is considered stronger. Next, the user has to determine whether he wants to protect his private key with a passphrase. This is because the private key really is used as the identity of the user. Should anyone steal this private key, it would be possible to forge the identity of the owner; therefore, it is a good idea to secure private keys with a passphrase.
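The two ideas above (a passphrase-protected private key, and proof of identity that the other side checks with only the public key) can be tried offline with ssh-keygen. This is an added example, not taken from the original text; it assumes OpenSSH 8.1 or later for -Y sign/verify, and the passphrase, user name, namespace and challenge strings are constructed values. It illustrates the sign-and-verify step only, not the full SSH handshake.

```shell
#!/bin/sh
# Added example with constructed values. -N/-P on the command line keep the
# demo non-interactive; in real use omit them so ssh-keygen prompts and the
# passphrase stays out of the process list and shell history.
PASS='correct horse demo'   # constructed passphrase
WHO='demo@client'           # constructed user name
NS='demo-auth'              # constructed signature namespace

# Client: create an RSA key pair; the private half is encrypted with $PASS.
make_keypair() {            # $1 = working directory
    ssh-keygen -q -t rsa -N "$PASS" -C "$WHO" -f "$1/id_rsa"
}

# Succeeds only if passphrase $2 decrypts the private key in directory $1.
unlocks() {
    ssh-keygen -y -P "$2" -f "$1/id_rsa" >/dev/null 2>&1
}

# Client: sign the challenge text $2 with the private key.
sign_challenge() {
    printf '%s' "$2" > "$1/challenge"
    rm -f "$1/challenge.sig"
    ssh-keygen -Y sign -f "$1/id_rsa" -P "$PASS" -n "$NS" \
        "$1/challenge" >/dev/null 2>&1
}

# Server: holds only the public key and checks the signature over text $2.
verify_challenge() {
    printf '%s %s\n' "$WHO" "$(cut -d' ' -f1,2 "$1/id_rsa.pub")" \
        > "$1/allowed_signers"
    printf '%s' "$2" | ssh-keygen -Y verify -f "$1/allowed_signers" \
        -I "$WHO" -n "$NS" -s "$1/challenge.sig" >/dev/null 2>&1
}

d=$(mktemp -d)
make_keypair "$d"
unlocks "$d" "$PASS"       && echo "correct passphrase unlocks the key"
unlocks "$d" "wrong guess" || echo "wrong passphrase: key stays locked"
sign_challenge "$d" "nonce-1234"
verify_challenge "$d" "nonce-1234" && echo "server: identity proved"
verify_challenge "$d" "nonce-9999" || echo "server: other challenge rejected"
rm -rf "$d"
```

A stolen copy of id_rsa is useless to the thief until the passphrase is also recovered, which is the protection the paragraph above describes.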
