What exactly does the private key do?

Advertisement

CaBabaSiMitralier
Joined:
Posts:
4

What exactly does the private key do?

I realize this is a very newb question, but I can't seem to find a simple explanation:

What function does the -privatekey flag (or SessionOptions.SshPrivateKeyPath property) serve, in the SFTP case? I know what a private key is, but I am not clear on how it is used in this case. The client has the private key, so does this assume the server has a matching public key? If so, how does the server get the public key?

If the goal is to prove the identity of the client, is this basically the inverse of using a host key fingerprint (rather than the server proving its identity to the client, the client is proving its identity to the server).

What is the implication if the client does not use a private key and just relies on a password? Is this simply that you are then relying on a single factor rather than two factors?

The scenario I have in mind is:
1) The client requests access to the server from an admin (does the client supply a public key here?)
2) The admin provides a username and password (while registering the public key with the server?)
3) The client accesses the server by providing the username and password.
4) The server returns the public key and the client checks this against the private key(?).

My confusion arises because I am struggling to picture how the key exchange happens in the real world. I don't recall ever using a private key when accessing an SFTP server, but maybe the servers I have been accessing have just not used that level of security.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,454
Location:
Prague, Czechia

Re: What exactly does the private key do?

CaBabaSiMitralier wrote:

If so, how does the server get the public key?
See https://winscp.net/eng/docs/guide_public_key

If the goal is to prove the identity of the client, is this basically the inverse of using a host key fingerprint (rather than the server proving its identity to the client, the client is proving its identity to the server).
Yes. See https://winscp.net/eng/docs/ssh_keys

What is the implication if the client does not use a private key and just relies on a password? Is this simply that you are then relying on a single factor rather than two factors?
Usually you use either a password or a public key authentication. Not both. So it's usually the single-factor authentication in both cases. The public key authentication has the advantage of the key being much stronger than a password. It's also "easier" to have unique key for each account, as opposite to having to memorize unique password for each account.
See also https://security.stackexchange.com/q/3887/43677

The scenario I have in mind is:
1) The client requests access to the server from an admin (does the client supply a public key here?)
Yes.

Reply with quote

Advertisement

You can post new topics in this forum