Solved

Why does SSH work with no PKI and no shared secret?

Posted on 2011-09-10
2
557 Views
Last Modified: 2012-05-12
The theory behind secure protocols is - as I understand it - that they rely on symmetric or asymmetric keys.  Either a shared secret or a private/public key pair.  So a question I've had in the back of my mind for some time is:  How is it I can setup a router or firewall and enable ssh on the device and in the next moment SSH to the device from my workstation?  No Certificate Authority has been setup,  and clearly I never entered a shared key on my ssh client nor at the router/firewall.  Is the router just acting as its own CA?  Is putty or other just sending out some default public key and somewhere along the install created a private key?  It all seems to work as seamlessly as telnet.  But how??  Thanks!
0
Comment
Question by:amigan_99
2 Comments
 
LVL 6

Accepted Solution

by:
nativevlan earned 500 total points
ID: 36516985
When you enable ssh the router creates the keys and is it's own CA. That's why when you connect via putty and ssh for the first time you will get a warning about the certificate. If you are setting up ssh on a Cisco router or switch the key generation become quite obvious. "crypto key generate rsa general-use"
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 36517004
Thank you.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now