SSH authentication is based on a private and public key pair.
The user generates a key pair consisting of a private key and a public key. The private key is kept securely on the user's computer, while the public key is uploaded to the server.
When the user tries to connect to the server, the server sends a challenge to the client. The challenge is a random string that is encrypted with the user's public key (the one uploaded to the server).
The client receives the challenge and decrypts it using its private key, then sends the decrypted challenge back to the server.
The server verifies that the decrypted challenge matches the original challenge. If it does, the server grants access to the client; otherwise it rejects the connection.
It's the user who generates their own key pair, not the server. The server doesn't send the private key to the user, as that would be a security risk. The private key should always remain on the user's computer and never be shared with anyone else.
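Here is the exchange above as an added example in Go, using RSA-OAEP from the standard library; it is not code from the original post. Real SSH clients sign session data with the private key rather than decrypting a challenge, but this follows the post's description: the server holds only the public key, issues a fresh random challenge encrypted to it, and accepts the connection only if the client returns the exact plaintext. The `Server`, `IssueChallenge`, `Verify` and `Authenticate` names are my own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Server stores only the user's public key plus the challenge it last issued.
type Server struct {
	authorizedKey *rsa.PublicKey
	pending       []byte
}

// IssueChallenge draws a fresh random challenge and returns it encrypted to the user's public key.
func (s *Server) IssueChallenge() ([]byte, error) {
	s.pending = make([]byte, 32)
	if _, err := rand.Read(s.pending); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, s.authorizedKey, s.pending, nil)
}

// Verify compares the answer in constant time, then discards the challenge so it cannot be replayed.
func (s *Server) Verify(answer []byte) bool {
	ok := s.pending != nil && subtle.ConstantTimeCompare(answer, s.pending) == 1
	s.pending = nil
	return ok
}

// Authenticate runs one exchange: the client decrypts with its private key; a wrong key fails.
func Authenticate(srv *Server, priv *rsa.PrivateKey) (bool, error) {
	enc, err := srv.IssueChallenge()
	if err != nil {
		return false, err
	}
	answer, _ := rsa.DecryptOAEP(sha256.New(), nil, priv, enc, nil) // nil on failure
	return srv.Verify(answer), nil
}

func main() {
	userKey, _ := rsa.GenerateKey(rand.Reader, 2048)  // generated by the user, never leaves them
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048) // a key pair the server has not authorized
	srv := &Server{authorizedKey: &userKey.PublicKey} // the server holds only the public half
	ok1, _ := Authenticate(srv, userKey)
	ok2, _ := Authenticate(srv, otherKey)
	fmt.Println("user's key accepted:", ok1, "| other key accepted:", ok2)
}
```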
Cheers!