When a client connects to an ssh server for the first time, the server sends its public key. If the client trusts the server and accepts the public key, it is stored on the client as the identity of that server.
Here is an example of a first-time ssh login attempt by a client:
aura@ubuntu:~$ ssh -l luzar 192.168.1.3
The authenticity of host '192.168.1.3 (192.168.1.3)' can't be established.
RSA key fingerprint is 8f:8f:a9:8a:47:58:3c:a8:2c:ce:6f:1d:45:dc:86:c9.
Are you sure you want to continue connecting (yes/no)?
If the client rejects the public key, the ssh connection is terminated:
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
aura@ubuntu:~$
So the user needs to accept the ssh server's public key to connect to the server. When the user accepts the public key, it is stored in the user's home directory, in a hidden file named .ssh/known_hosts. The next time the same user connects using ssh, ssh looks up the user's .ssh/known_hosts file and compares the fingerprint. Here is an example of an ssh server public key stored in the .ssh/known_hosts file:
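The following Python sketch is an added illustration, not part of the original post. It parses a known_hosts-style line, recomputes the colon-separated MD5 fingerprint format shown in the prompt above, and compares a presented host key against the stored one. The key blob is constructed sample data (not a real host key) and all function names are hypothetical.

```python
import base64, hashlib, struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire encoding: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def make_sample_blob(seed: bytes) -> bytes:
    """Constructed stand-in for an ssh-rsa public key blob (not a real key)."""
    exponent = b"\x01\x00\x01"
    modulus = b"\x00" + hashlib.sha512(seed).digest() * 4  # fake 257-byte mpint
    return _ssh_string(b"ssh-rsa") + _ssh_string(exponent) + _ssh_string(modulus)

def md5_fingerprint(blob: bytes) -> str:
    """Legacy fingerprint style, e.g. 8f:8f:a9:..., taken over the raw key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    """Fingerprint style printed by current OpenSSH releases."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map host -> [(keytype, blob)]; skips comments, @markers and hashed hosts."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        try:
            blob = base64.b64decode(fields[2], validate=True)
        except ValueError:
            continue  # malformed key field, ignore the line
        for host in fields[0].split(","):
            entries.setdefault(host, []).append((fields[1], blob))
    return entries

def check_host(entries: dict, host: str, keytype: str, presented: bytes) -> str:
    known = [blob for ktype, blob in entries.get(host, []) if ktype == keytype]
    if not known:
        return "unknown"   # first connection: the yes/no prompt is shown
    return "match" if presented in known else "mismatch"  # mismatch: refuse

# Constructed sample: the entry written after the user answers "yes".
SERVER_BLOB = make_sample_blob(b"constructed host key for 192.168.1.3")
KNOWN_HOSTS = "192.168.1.3 ssh-rsa %s\n" % base64.b64encode(SERVER_BLOB).decode()

if __name__ == "__main__":
    entries = parse_known_hosts(KNOWN_HOSTS)
    print(md5_fingerprint(SERVER_BLOB), sha256_fingerprint(SERVER_BLOB))
    print(check_host(entries, "192.168.1.3", "ssh-rsa", SERVER_BLOB))
```

A "mismatch" result corresponds to the case where the stored key and the key the server presents differ, which is when the fingerprint should be verified with the server's administrator before the stored entry is replaced.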