How Exactly Are SSH Keys Generated?

Solution 1:

SSH uses pre-generated public and private keys. Once generated these keys are stored for future use. The content of the keys should not be related to the hardware or O/S, but do depend on the random numbers they provide.

There are various formats used to transport the keys. If you move from one platform to another you may need to change the key format. Putty uses a different format than OpenSSH, but there are tools for both to convert the format.

The private key should rarely need to be transported. If they are, they must be kept secure. Public keys are freely distributable, and are automatically exchanged during the connection. Usually known keys are stored so that the verification dialog is not required on subsequent connections.

I generally generate new keys for new devices as this is more secure. It does require re-establishing trust relationships. Copying the old keys may allow the transfer of trust. Sometimes the trust includes other information such as hostname and/or IP address preventing the transfer of trust.

An existing known host list can be transferred. This allows you to transfer the list of devices you trust. This does not guarantee they will trust you.

Solution 2:

Make sure you know exactly what you're getting into -- there's a lot of math. Asymmetric key cryptography works by generating a modulus from the product of two very large prime numbers, which are chosen at random using a cryptographically secure pseudo-random number generator. Using this modulus and modular arithmetic, two keys are generated such that the public key can be derived from the private key, but not vice versa.

The first Wikipedia link is a general introduction to public-key cryptography. The second is a specific description of how keys are generated in RSA.

  • http://en.wikipedia.org/wiki/Public-key_cryptography
  • http://en.wikipedia.org/wiki/RSA#Key_generation
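
The steps that answer outlines, as an added Python example that is not code from any of the answers above: candidates drawn from the OS CSPRNG, a Miller-Rabin primality test, the modulus n = p*q, and the exponent pair (e, d), followed by a round-trip check that the pair really inverts. Function names and the toy key sizes are assumptions for illustration only.

```python
# Added example, not from the original answers: textbook RSA key generation
# following the answer's steps (CSPRNG primes, modulus, exponent pair). Toy
# sizes for readability; real SSH keys are 2048+ bits and come from ssh-keygen.
import secrets
from math import gcd

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2       # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                        # composite witness found
    return True

def random_prime(bits: int) -> int:
    """Draw odd, full-length candidates from the OS CSPRNG until one is prime."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_rsa_keypair(bits: int = 64, e: int = 65537):
    """Return ((n, e), (n, d)); d is the inverse of e modulo phi(n)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:        # e must be invertible mod phi
            break
    n = p * q
    d = pow(e, -1, phi)                         # modular inverse, Python 3.8+
    return (n, e), (n, d)

def rsa_roundtrip_ok(public, private, m: int) -> bool:
    """Check the pair inverts: (m^e)^d == m mod n, for 0 <= m < n."""
    (n, e), (_, d) = public, private
    return pow(pow(m, e, n), d, n) == m
```

Because p and q are discarded after d is computed, nothing in this code recovers the private exponent from (n, e) alone, which is the asymmetry the answer refers to.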

Solution 3:

There are multiple algorithms to generate public/private key pairs. You can have a look at RSA and DSA if you are interested.