SSH Communications Security

Host Keys

Each server host must have a host key. A host may have several host keys, each using a different public key algorithm. Several hosts may share the same host key, although a shared key means that compromising one of those hosts compromises the identity of all of them. Every host must have at least one key using each required public key algorithm.

The server host key is used during key exchange to verify that the client is really communicating with the correct server and not with an attacker who has interposed on the connection. For this to be possible, the client must have prior knowledge of the server's public host key: without it, the client has nothing to compare the presented key against, and an attacker can substitute a key of its own.

Two different trust models can be used:

  • The client has a local database that associates each host name (as typed by the user) with the corresponding public host key. This method requires no centrally administered infrastructure and no third-party coordination. The downside is that the database of name-key associations can become burdensome to maintain, and the first connection to a host whose key is not yet in the database must be verified by some other means, such as comparing the key fingerprint with one obtained from the administrator.
  • The host name/key association is certified by a trusted certification authority (CA). The client needs to know only the CA root key, and can then verify the validity of any host key certified by an accepted CA. This eases the maintenance problem, since ideally only a single CA key needs to be securely stored on the client. On the other hand, each host key must be certified by the central authority before the client will accept it, and a great deal of trust is placed on the central infrastructure: whoever controls the CA key can issue a valid certificate for any host name.
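The first trust model in working form, as an added example that is not part of this manual or of the SSH Secure Shell product: a check of the key a server presents during key exchange against a client-side name-to-key database. The database lines follow OpenSSH's known_hosts format (an assumption made for illustration; the SSH Secure Shell client keeps host keys in its own store, but the lookup is the same), including the hashed-hostname form. All keys, host names and the salt are constructed sample data, and the names ssh_string, encode_ed25519_pubkey, hash_hostname, hostname_matches, check_host_key and Verdict are this example's own.

```python
"""Host-key check against a client-side name-to-key database (trust model 1).

Added example for this page, not code from the SSH Secure Shell product. The
database lines follow OpenSSH's known_hosts format, used here only as a
convenient illustration of a local name-to-key store.
"""
import base64
import fnmatch
import hashlib
import hmac
from enum import Enum


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


def encode_ed25519_pubkey(raw32: bytes) -> str:
    """Base64 key blob as stored in the database (constructed; no real key pair)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint of a base64 host key, in the form shown to a user
    who must verify an unknown key out of band."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(host: str, salt: bytes) -> str:
    """Hashed name field |1|base64(salt)|base64(HMAC-SHA1(salt, host)); hides
    which hosts the database knows from anyone who reads the file."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def hostname_matches(name_field: str, host: str) -> bool:
    """Match the database name field (comma-separated names with * and ?
    wildcards, or a hashed |1|salt|mac entry) against the name the user typed.
    The bracketed [host]:port form is not handled in this example."""
    if name_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = name_field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return any(fnmatch.fnmatchcase(host, pattern) for pattern in name_field.split(","))


class Verdict(Enum):
    MATCH = "stored key for this host and algorithm matches"
    MISMATCH = "host is known but presented a different key: possible impersonation"
    UNKNOWN = "no stored key for this host and algorithm: verify the fingerprint out of band"


def check_host_key(database: str, host: str, key_type: str, key_b64: str) -> Verdict:
    """Look up the key the server presented during key exchange. A host may
    legitimately hold one key per algorithm, so a stored key only counts as a
    mismatch when it is for the same algorithm as the presented key."""
    presented = base64.b64decode(key_b64)
    known_for_algorithm = False
    for line in database.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):
            # @cert-authority / @revoked markers belong to the CA model; not handled here.
            continue
        if len(fields) < 3 or fields[1] != key_type or not hostname_matches(fields[0], host):
            continue
        known_for_algorithm = True
        if hmac.compare_digest(base64.b64decode(fields[2]), presented):
            return Verdict.MATCH
    return Verdict.MISMATCH if known_for_algorithm else Verdict.UNKNOWN


# Constructed sample database: made-up keys and hosts, one entry hashed.
BUILD_KEY = encode_ed25519_pubkey(bytes(range(32)))
DB_KEY = encode_ed25519_pubkey(bytes(range(32, 64)))
SALT = bytes(20)

KNOWN_HOSTS = "\n".join([
    "# client-side name-to-key database",
    "build.example.com,build ssh-ed25519 " + BUILD_KEY,
    hash_hostname("db.example.com", SALT) + " ssh-ed25519 " + DB_KEY,
    "*.lab.example.com ssh-ed25519 " + DB_KEY,
])

if __name__ == "__main__":
    for host, key in [("build", BUILD_KEY), ("db.example.com", DB_KEY),
                      ("build.example.com", DB_KEY), ("new.example.com", BUILD_KEY)]:
        verdict = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(f"{host:20} {fingerprint(key)}  {verdict.name}")
```

The three verdicts are the decisions a client must make under this model: MATCH lets key exchange proceed, MISMATCH is the case that must be treated as a possible impersonation rather than silently updated, and UNKNOWN is where the burden of the model falls on the user, who has to confirm the fingerprint through some other channel before the entry is stored. Because a host may carry one key per algorithm, only an entry for the same algorithm counts as a mismatch. Under the second model the lookup would be replaced by verifying a CA signature over the host key, which this example does not show.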

Copyright © 2001 SSH Communications Security Corp
All rights reserved.