ssh key-exchange - how can the server verify the client?
Posted on 2015-02-23
I thought I understood how ssh key exchange works; Once a connection is established, the server encrypts messages with the clients public key so only the client can decrypt it.
But what if more that one client has a copy of that private key? Either by design, or if a client system is cloned (or even just renamed), the copy of the key works - so a client cloned for a test environment still has a key to the production server. The "tag" in id_rsa.pub, e.g. "root@myPC" doesn't necessarily relate to "myPC"
A client system checks the fingerprint of the server and will complain if it changes (ssh_config - StrictHostKeyChecking - unless that has been disabled); But can it be set up the other way around, so a key is only usable by a fingerprinted client?