Key Management
On Unix-like systems, the list of authorized keys is stored in the home directory of the user who is allowed to log in remotely, in the file ~/.ssh/authorized_keys. ssh respects this file only if it is not writable by anything apart from the owner and root. When the public key is present on one side and the matching private key is present on the other, typing in the password is no longer required (some software, such as the MPI stack, may need this password-less access to run properly). However, for additional security, the private key itself can be locked with a passphrase.
The private key is looked for in standard places, but its full path can also be specified as a command-line setting (the -i switch for ssh). The ssh-keygen utility produces the public and private keys, always in pairs.
SSH also supports password-based authentication that is encrypted by automatically generated keys. In this case, an attacker could imitate the legitimate side, ask for the password and obtain it (a man-in-the-middle attack). However, this is only possible if the two sides have never authenticated before, as SSH remembers the key that the remote side once used. Password authentication can be disabled.
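The rule above, that authorized_keys must not be writable by anyone but the owner and root, can be audited with a short script. This is an added example, not code from the original page or from OpenSSH; the function name audit_authorized_keys is hypothetical, and checking the ~/.ssh and home directories as well as the file is an assumption of the example.

```python
import os
import stat
from pathlib import Path


def audit_authorized_keys(home, uid=None):
    """Return a list of findings for <home>/.ssh/authorized_keys.

    An empty list means the key file and the directories leading to it are
    writable only by their owner, and that owner is the user or root.
    """
    uid = os.getuid() if uid is None else uid
    home = Path(home)
    # Checked in order: the key file, then ~/.ssh, then the home directory.
    # Including the directories is an assumption of this example: a writable
    # parent lets another account replace the file even when the file's own
    # mode is strict.
    targets = [home / ".ssh" / "authorized_keys", home / ".ssh", home]
    findings = []
    for path in targets:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        # Ownership: only the account itself or root (uid 0) is acceptable.
        if st.st_uid not in (uid, 0):
            findings.append(
                f"{path}: owned by uid {st.st_uid}, expected {uid} or root"
            )
        # Write bits for group or other mean someone else can edit the path.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{path}: mode {mode:04o} is group/other writable")
    return findings


if __name__ == "__main__":
    # Audit the current user's own home directory.
    results = audit_authorized_keys(Path.home())
    for line in results or ["authorized_keys permissions look OK"]:
        print(line)
```

A finding on the key file is usually fixed with chmod 600 ~/.ssh/authorized_keys, and one on the directory with chmod 700 ~/.ssh.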