John McKee wrote:
When I log onto the sftp site WITHOUT an entry in .ssh/known_hosts, I
AM required to enter a password. The key pair has to be there for
sftp to do the encryption.

Scott Klement wrote:
The key pair is not required for encryption. All the key pair does is provide a means of proving your identity.

Just in case someone else is confused about this, I had always thought that the keypairs were used for authentication, but _also_ to agree upon a session key which would then be a shared secret for encrypting the rest of the communication.

As it turns out, SSH uses the Diffie-Hellman (DH) key exchange algorithm[1] to agree on a session key. DH allows two parties to securely exchange a secret over an insecure channel.

[1] http://www.freesoft.org/CIE/Topics/145.htm
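
The separation described in the message above, as an added example that is not part of the original post: both sides derive the same encryption key from ephemeral Diffie-Hellman values alone, with no user key pair involved. The toy group, the handshake strings and all function names are assumptions of this sketch, and the server's host-key signature over H (what known_hosts is checked against) is omitted.

```python
import hashlib
import secrets

# Toy group for illustration only: 2**127 - 1 is prime but far too small for
# real use. It is an assumption of this example, not a group SSH negotiates.
P = 2**127 - 1
G = 3

def mpint(n: int) -> bytes:
    """SSH mpint: 4-byte length, big-endian value, leading 0x00 if high bit set."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b""
    return len(body).to_bytes(4, "big") + body

def ssh_string(data: bytes) -> bytes:
    return len(data).to_bytes(4, "big") + data

def dh_keypair() -> tuple[int, int]:
    """Fresh ephemeral secret x and public value g^x mod p for one connection."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared_secret(own_secret: int, peer_public: int) -> int:
    # Refuse degenerate peer values (0, 1, p-1) that would force a guessable K.
    if not 1 < peer_public < P - 1:
        raise ValueError("peer DH value out of range")
    return pow(peer_public, own_secret, P)

def exchange_hash(e: int, f: int, k: int) -> bytes:
    """H over both sides' handshake data; the strings are constructed stand-ins."""
    fields = [b"SSH-2.0-client", b"SSH-2.0-server", b"client-kexinit",
              b"server-kexinit", b"server-host-key-blob"]
    data = b"".join(ssh_string(s) for s in fields) + mpint(e) + mpint(f) + mpint(k)
    return hashlib.sha256(data).digest()

def encryption_key(k: int, h: bytes) -> bytes:
    """Client-to-server key, RFC 4253 section 7.2: HASH(K || H || "C" || session_id)."""
    return hashlib.sha256(mpint(k) + h + b"C" + h).digest()  # session_id = first H

def run_exchange() -> tuple[bytes, bytes]:
    x, e = dh_keypair()              # client side; only e goes on the wire
    y, f = dh_keypair()              # server side; only f goes on the wire
    k_c, k_s = shared_secret(x, f), shared_secret(y, e)
    # No user key pair is involved: password or public-key login happens later,
    # inside the channel these keys protect.
    return (encryption_key(k_c, exchange_hash(e, f, k_c)),
            encryption_key(k_s, exchange_hash(e, f, k_s)))
```

Because the DH secrets are generated per connection, each call to `run_exchange()` yields a different key, which is why the session key does not depend on any long-lived key pair.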


This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].