Solved

SSH Query-why does it work?

Posted on 2014-01-18
5
463 Views
Last Modified: 2014-01-18
I'm I real SSH newbie (even though i've been using it for years), but I can't work this out, I set up Putty years ago to access a remote Ubuntu box from Windows.
I do vaguely remember setting up the keys, but....anyway, I got a new laptop, downloaded the putty.exe file, fired it up with the target remote IP, and I got in (well, usual uname/pwd challenge). How can that be without without the public key? I'm sure I didn't copy any key files over.
0
Comment
Question by:Silas2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39790764
The remote ssh server allows by default logging in via username/passeword.

To disallow this it must be explicitly turned off in sshd_config.
0
 

Author Comment

by:Silas2
ID: 39790768
But, scuse my ignorance, but without a public key what make the connection remotely secure? It'll just be plain text won't it
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 125 total points
ID: 39790781
All ssh communication is encrypted, regardless of the authentication method used, and so is the password. It cannot be "seen" in clear text.

See "man ssh", e.g. here: http://www.openssh.org/cgi-bin/man.cgi?query=ssh&sektion=1&arch=&apropos=0&manpath=OpenBSD+Current

All authentication methods are described in detail there, in the "AUTHENTICATION" paragraph.
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 125 total points
ID: 39790795
When client sends the SSH to port 22 of server, the Server sends the required key to the client. Here is a good explanation - Link
0
 

Author Comment

by:Silas2
ID: 39790810
Ah, the penny drops, its public/private key but the server issues the public key like a private 'Verisign' which I trust because I'm connecting explicitly to that server IP.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2911 Voice Gateway enable password 3 220
uisng expect with sftp 17 159
FTP File Retrieval Automation 2 94
for ssh without password, are both ways correct 16 77
We all know how boring and exhausting it is to transfer huge web projects developed locally to a webserver simply via FTP. The File Transfer Protocol is a really nice solution if you need to transfer small amounts of files, but if you're plannin…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question