hi John,
When I log onto the sftp site WITHOUT an entry in .ssh/known_hosts, I
AM required to enter a password. The key pair has to be there for
sftp to do the encryption.
The key pair is not required for encryption. All the key pair does is
provide a means of proving your identity. Normally we use passwords
for that sort of thing... the theory is "Anyone can say their userid is
jmmckee -- but only the real John McKee would know the password". Thus,
you use the password to prove that you're really John McKee. A
digital key pair (or a certificate, which is just a digital key pair
with some other informational fields) provides the same sort of proof of
your identity, by saying "only the real John McKee would have the
private key that matches this public key".
The biggest difference between them... it's easy to read a password if
you see it. Therefore you might see it and remember it and use it
later. Also, people often use meaningful words for their passwords,
which makes it possible to guess at a password, or run a dictionary
file. Also, people often use the same passwords in many different places
(so that there are fewer to remember) so if one place has a mischievous
employee, that employee might take your password and try it on other
sites where you happen to be a member, and thus gain access to your
accounts.
Digital keys are a relatively long (hundreds of bytes), and hard to
read. They aren't words (or even always human-readable symbols) and
therefore they're virtually impossible to remember. Because you store
them as files and send them automatically, there's no need to remember
them, and therefore you don't try to re-use the same ones on multiple sites.
One nice thing about digital keys: They make it easier to write
automated scripts, since you don't have to hard-code a password into a
script (which is terribly insecure.)
On the other hand... since digital keys are usually stored in files, vs.
passwords usually being typed on-demand, if someone is able to
compromise a system where digital keys are stored, they could use them.
That's perhaps less likely to happen with passwords, since users type
them on-demand rather than store them in files.
Of course, digital keys can be secured with a passphrase (basically the
same as a password) so that the digital key is worthless unless you know
the passphrase. That's something of a "best of both worlds" because
someone who compromises your system can't use your keys, but at the same
time, it's the digital key that's sent over the network, and those keys
are harder to break than passwords. But the disadvantage to the
passphrase is that your application has to be interactive (much like a
password) because you have to key in the passphrase every time you use
the session..... unless you hard code the passphrase into the script,
and then your keys aren't any safer than they were without the passphrase...
Encrypt with private key, decrypt with public key. No digital
certificates. My question: how does Wells Fargo do data encryption
without using public key / private key AND also not using a digital
certificate?
Both certificates (SSL) and key pairs (SSH) are used to prove your
identity. They're not used to encrypt the actual session.
So whatever your feelings about whether digital keys are better, or
whether passwords are better -- using SSH will provide an encrypted session.
midrange.com
