| UNIX/Linux Forum Archives |
| sopiaz57 |
Posted: Aug 5 2003, 08:05 PM
Newbie · Group: Members · Posts: 5 · Member No.: 68 · Joined: 5-August 03
Hey, this is a great forum. This is my first post and, oh yeah, my boss just came over and asked me what I was doing. I'm sure he thought I was in some chat room or something with those smilies over there. Anyway, I am trying to find out more about SSH... before now I didn't know you could be authenticated in another way besides a password.
I do understand the difference between the RSA and DES (3DES) algorithms, however I don't know how they are implemented in SSH. To my understanding, the RSA key is used for the public/private key transaction, and the DES is used to transmit the data? I'm kinda lost, would someone mind explaining a bit further? Thanks!

| fishsponge |
Posted: Aug 5 2003, 11:01 PM
Administrator · Group: Admin · Posts: 679 · Member No.: 1 · Joined: 13-February 03
Hi... I split this post away from the topic you replied on, as it was on a slightly different topic (SSH being slow vs encryption methods used). Anyhow... thanks for complimenting the forum :D I'm glad you like it, and I hope it becomes a very useful resource for you :D

As for your question... I'm not 100% sure on this, but I do know that there is only one set of keys used for an entire SSH session when you are using password authentication. There is a private key used by the server, and a public key used by the client (obviously). When you connect to a machine using SSH, you can specify the encryption method to use (using the '-c' argument), so I think what happens is that the RSA key you have stored on the SSH server gets encrypted using whichever method the user chooses to use:

This, however, is assuming you are still using a password as an authentication method. If you want to use an actual RSA key (or certificate) as your authentication method instead of a password, then what you have to do is to generate your own set of private/public keys and place the public key on the remote server somewhere (I think). I'll look into this more, and post again :D

| foobar |
Posted: Feb 14 2005, 11:02 PM
User Level: 2 · Group: Members · Posts: 15 · Member No.: 505 · Joined: 6-September 04
You actually had it right the first time. RSA is used for authentication and to exchange a session key for 3DES, AES, blowfish, or whatever. RSA is NOT used to encrypt the session, that would be way too slow. The client and server generally go through a negotiation for what session cipher they will use for the conversation. My Debian sid uses 3DES as the default.
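
The session-cipher negotiation mentioned in the reply above, as an added example that is not part of the original thread: in SSH protocol 2 (RFC 4253, section 7.1) each side sends its algorithm lists, and for ciphers and MACs the first name on the client's list that the server also offers is chosen. The proposal lists, the `proposal` helper and the `LEGACY` policy set are constructed for illustration.

```python
# Added example: SSH-2 algorithm selection rule from RFC 4253, section 7.1.
# Every proposal list below is constructed sample data, not captured traffic.

LEGACY = {"3des-cbc", "blowfish-cbc", "arcfour", "hmac-md5"}  # assumed local policy


class NoCommonAlgorithm(Exception):
    """The peers share no algorithm in a category, so the connection must drop."""


def pick(client_list, server_list, category):
    """Return the first name on the client's list that the server also offers."""
    offered = set(filter(None, server_list.split(",")))
    for name in filter(None, client_list.split(",")):
        if name in offered:
            return name
    raise NoCommonAlgorithm(category)


def negotiate(client, server):
    """Apply the rule to each category in the client's proposal."""
    return {cat: pick(names, server.get(cat, ""), cat) for cat, names in client.items()}


def legacy_choices(chosen):
    """Categories whose negotiated algorithm is on the LEGACY policy list."""
    return sorted(cat for cat, name in chosen.items() if name in LEGACY)


def proposal(enc, mac):
    """Build a proposal that uses the same lists in both directions."""
    return {"enc_c2s": enc, "enc_s2c": enc, "mac_c2s": mac, "mac_s2c": mac}


SERVER = proposal("aes256-ctr,aes128-ctr,3des-cbc", "hmac-sha2-256,hmac-sha1")
STRICT_SERVER = proposal("aes256-ctr,aes128-ctr", "hmac-sha2-256")
OLD_CLIENT = proposal("3des-cbc,aes128-cbc", "hmac-md5,hmac-sha1")
MODERN_CLIENT = proposal("aes128-ctr,aes256-ctr,3des-cbc", "hmac-sha2-256,hmac-sha1")

if __name__ == "__main__":
    for label, client in (("old", OLD_CLIENT), ("modern", MODERN_CLIENT)):
        chosen = negotiate(client, SERVER)
        print(label, chosen, "legacy:", legacy_choices(chosen))
    try:
        negotiate(OLD_CLIENT, STRICT_SERVER)
    except NoCommonAlgorithm as exc:
        print("old client vs strict server: no common algorithm for", exc)
```

Because the client's order decides, a server that still lists `3des-cbc` only ends up using it with clients that rank it first; removing it from the server list turns that case into a failed negotiation instead.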