"When first learning about public and private SSH keys, it's natural to assume that SSH uses these key pairs to encrypt and decrypt traffic. That's what I thought. But it's not the case. An SSH key pair is only used for authentication during the initial handshake."
Well. I feel a bit silly. Did I never know this or did I forget it? I've been using ssh for literally decades!
smallstep.com/blog/ssh-agent-e

Follow

@gemlog Almost all asymmetric encryption (i.e., a public/private keypair) works like that, using the keypair to establish a shared session key that drives symmetric encryption (i.e., a single shared key). Symmetric is usually way lower overhead for sending messages. Plus, a session key that lasts for a single session means it's harder to capture your traffic and decrypt it later if some of your keys are compromised. Have to capture the initial shared key setup to do that.

@koenig I first read about asymmetric key pairs via Bob and Alice in the early 80's. I don't know why I thought the whole ssh session used the same pair. The way it actually works is much better, of course. More like perfect forward secrecy. I guess it's something I use everyday and just never thought about for many years.

Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko