× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2008

Re: FTP/S and SFTP..... Hey, Scott K. or other SFTP guru in

John McKee wrote:
When I log onto the sftp site WITHOUT an entry in .ssh/known_hosts, I
AM required to enter a password. The key pair has to be there for
sftp to do the encryption.

Scott Klement wrote:
The key pair is not required for encryption. All the key pair does is provide a means of proving your identity.

Just in case someone else is confused about this, I had always thought that the keypairs were used for authentication, but _also_ to agree upon a session key which would then be a shared secret for encrypting the rest of the communication.

As it turns out, SSH uses the Diffie-Hellman (DH) key exchange algorithm[1] to agree on a session key. DH allows two parties to securely exchange a secret over an insecure channel.

[1] http://www.freesoft.org/CIE/Topics/145.htm

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.