ssh key pairs: user (public+private) AND host (public+private) OR NOT?

How many types of keys exist, and where is the private key stored? First of all, keys can be private (=closed=decrypting) and public (=open=encrypting). That's ok. That's a key pair.

But further, as I can see (I am trying to study Linux, and I refer to the ssh.com explanations as the best that I could find, though they are not very well structured), there may be two situations:

  1. "host keys": these are generated automatically when the connection is established and are used to encrypt the data flow between a Server (?) and a user (or service, like http-server) computer (?), in this case "private host key" and "public host key" are stored on the Server computer (in /etc/ssh/known_hosts), and the second "public host key" is stored on the user computer.

  2. "user keys": these are used for user authorization (instead of login/password) on the Server, and in this case "private host key" and "public host key" are stored on the user computer, and the second "public host key" is stored on the Server in (home directory of the user on Server)/.ssh/authorized_keys.

Did I understand the subject correctly or am I wrong? (And I am not at all sure about the paths.) Is there a comprehensive article or book on this topic? I've read so much but I can't get the outline...


The broad subject is public key cryptography (https://en.wikipedia.org/wiki/Public-key_cryptography).

It is used with host keys for bidirectional encryption in ssh and sftp, by exchanging a secret used to encrypt the communication. It is also used for ssh authentication with user keys.

Linux has an implementation of ssh, as do Windows, macOS and other systems.
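
To make the host-key/user-key split concrete, here is an added example (not part of the answer above) that parses one `known_hosts` line and one `authorized_keys` line and computes the SHA256 fingerprint of each public key. It assumes OpenSSH's default layout, where the private halves stay in `/etc/ssh/ssh_host_ed25519_key` on the server and `~/.ssh/id_ed25519` on the client and never appear in either file; the host name, comment and key bytes are constructed samples.

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def pubkey_fields(raw32: bytes) -> str:
    """'<type> <base64 blob>' for an Ed25519 public key (32 raw bytes)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def parse_entry(line: str) -> dict:
    """Parse one known_hosts or authorized_keys line (same key fields in both)."""
    tokens = line.split()
    i = next((k for k, t in enumerate(tokens) if t in KEY_TYPES), None)
    if i is None or i + 1 >= len(tokens):
        raise ValueError("no public key found")
    blob = base64.b64decode(tokens[i + 1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != tokens[i]:
        raise ValueError("key type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"before": " ".join(tokens[:i]), "type": tokens[i],
            "fingerprint": "SHA256:" + digest, "comment": " ".join(tokens[i + 2:])}

# Constructed sample bytes standing in for public keys (not real keys).
HOST_PUB = pubkey_fields(bytes(range(32)))
USER_PUB = pubkey_fields(bytes(range(32, 64)))

# Client side, ~/.ssh/known_hosts: host name, then the server's PUBLIC host key.
KNOWN_HOSTS_LINE = "server.example.com " + HOST_PUB
# Server side, ~/.ssh/authorized_keys: the user's PUBLIC key, then a comment.
AUTHORIZED_KEYS_LINE = USER_PUB + " alice@laptop"

def describe() -> list:
    """One row per file: where it lives, whom the key identifies, fingerprint."""
    host = parse_entry(KNOWN_HOSTS_LINE)
    user = parse_entry(AUTHORIZED_KEYS_LINE)
    return [("known_hosts on client", "identifies server " + host["before"], host["fingerprint"]),
            ("authorized_keys on server", "identifies user " + user["comment"], user["fingerprint"])]

if __name__ == "__main__":
    for row in describe():
        print(*row, sep=" | ")
```

The fingerprints use the same `SHA256:` form that `ssh-keygen -lf <file>` prints, so they can be compared against the value ssh shows on first connection to a server.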