?
Solved

Why does SSH work with no PKI and no shared secret?

Posted on 2011-09-10
2
Medium Priority
?
563 Views
Last Modified: 2012-05-12
The theory behind secure protocols is - as I understand it - that they rely on symmetric or asymmetric keys.  Either a shared secret or a private/public key pair.  So a question I've had in the back of my mind for some time is:  How is it I can setup a router or firewall and enable ssh on the device and in the next moment SSH to the device from my workstation?  No Certificate Authority has been setup,  and clearly I never entered a shared key on my ssh client nor at the router/firewall.  Is the router just acting as its own CA?  Is putty or other just sending out some default public key and somewhere along the install created a private key?  It all seems to work as seamlessly as telnet.  But how??  Thanks!
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
nativevlan earned 2000 total points
ID: 36516985
When you enable ssh the router creates the keys and is it's own CA. That's why when you connect via putty and ssh for the first time you will get a warning about the certificate. If you are setting up ssh on a Cisco router or switch the key generation become quite obvious. "crypto key generate rsa general-use"
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 36517004
Thank you.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question