SSH Key generation question
in [General Linux]
|
From: Todd on 19 Jun 2010 17:41 Yet another follow up question: I occurred to me that if I have to create his (the client's) keys (on my server) and send them to him, that: 1) I have to create them under his user account 2) Fish them out of his ~/.ssh directory 3) Send "both" of the keys to him 4) add his .pub to my fray 5) then I can actually delete both keys out of his ~/.ssh directory Have I got it right? Many thanks, -T
From: Robert Riches on 19 Jun 2010 20:35 On 2010-06-19, Keith Keller <kkeller-usenet(a)wombat.san-francisco.ca.us> wrote: > ... > > Yes. X11 is ''backwards'', but ssh is not. The person running the ssh > command is the client; the server listening for ssh connections (i.e., > running sshd) is the server. No, X11 has it right. The X server is providing _DISPLAY_ services to client programs that want something displayed. > (As an aside, in this way X11 is actually not backwards--the X server > you run on your machine is listening for X11 ''connections'' from > ''clients'', i.e., programs like xterm. It only seems backwards because > the client could be coming from some machine other than the one you're > sitting at.) Thank you for correcting yourself. At work, I have an X11 server running on one machine, X11 clients running on several other machines, and I'm watching it over VNC from an XP laptop. (I wish I was at liberty to put Linux on the laptop...) -- Robert Riches spamtrap42(a)verizon.net (Yes, that is one of my email addresses.)
From: Kenny McCormack on 19 Jun 2010 21:31 In article <slrni1qoih.bir.spamtrap42(a)one.localnet>, Robert Riches <spamtrap42(a)verizon.net> wrote: >On 2010-06-19, Keith Keller <kkeller-usenet(a)wombat.san-francisco.ca.us> wrote: >> ... >> >> Yes. X11 is ''backwards'', but ssh is not. The person running the ssh >> command is the client; the server listening for ssh connections (i.e., >> running sshd) is the server. > >No, X11 has it right. The X server is providing _DISPLAY_ >services to client programs that want something displayed. 'backwards' does not (i.e., should not) imply 'wrong' or immoral, or fattening. It is just "different" - and both models are both equally morally valid. I've always been amused by how nifty the X model is, and in particular how it *is* "backwards" in terms of how most people think of things. Historically, people have associated the word "server" with "remote" and "big iron", and "client" with their desktop. The fact that X often reverses these roles should be viewed as an amusement and not as something to become morally outraged over. -- > No, I haven't, that's why I'm asking questions. If you won't help me, > why don't you just go find your lost manhood elsewhere. CLC in a nutshell.
From: Todd on 19 Jun 2010 21:44 > No, X11 has it right. The X server is providing _DISPLAY_ > services to client programs that want something displayed. I have had some similar interesting exchanges on M$'s XP group. Switching a user from Vista to XP is an upgrade as you are switching from barely working to working, not to mention doubling the speed of the computer. XP to Vista is only a downgrade if you are comparing version numbers. It is a play on words. X11 is an interesting play on words. The computer crunching the numbers (called the server by CUPS, Samba, DHCP, NAMED, yada, yada, yada) is actually called the "client". The computer displaying the result, which is commonly referred to as the client by everyone else doing such thing, including Terminal Services, is called the "server". It is a play on words. It violates the common naming convention everyone expects, which is that the computer doing the "crunching" is the server. But, if that is they way the X11 folks want to do it, it is their right. They did an awfully good job at it too and gave it to us for free. So, in appreciation, I will call it whatever they want. It is still a play on words. And by common convention, it is backwards. And, and, by referring to it as backward, you remove the "state of confusion" from so very many victims of the play on words. My two cents, -T
From: General Schvantzkoph on 19 Jun 2010 23:04
On Sat, 19 Jun 2010 14:13:16 -0700, Todd wrote: >> the laptop is stolen it would still be dificult for someone to crack. > > I do not understand. I would be just sending him what came out of I don't think you understand the point of public key encryption, you don't have to send him anything. The user generates the key pair on his machine and then sends you his public key. Public keys may be seen by anybody, that's why they are called public. The private key is never transmitted to anyone, it stays at home. The algorithm encrypts a message with a combination of the sender's private key and the receivers public key. That message is then decrypted with the receiver's private key and the sender's public key. There was an analogy on some TV program that summed it up rather neatly. The old fashion way of doing encryption was like putting a lock on a strongbox and then sending the key to the receiver who would use it to open the box. The problem with that method was that if the key was ever intercepted it could be copied and then used to open any lock that used that key. The way public key encryption works is that the receiver sends a lock to the sender who then uses it to lock the box. The box is then sent to the receiver who already has the key. If someone intercepts the lock and makes a copy it won't matter because only the intended recipient has the key. |