Errata

Section 15.1.2 appears to be seriously flawed in Points 3 and 4 (see
also RFC 4252). Please check.
Signatures are usually not created using the PUBLIC key as otherwise
any could provide the signature as the key is public. Usually, the private key is used.

Likewise the the checking is not performed by computing the same value
with the public key but by decrypting the message with the public key, i.e. inverting the encryption.

Note from the Author or Editor:
In section 15.1.2: Original text:
1. The SSH client requests authentication of a given user to the server.
2. If there is a public key on the server in that user?s home directory, the server replies with a challenge (random string) encrypted with the client?s public key.
3. The client decrypts the message with its private key, signs the challenge with its public key, and sends the signature back to the server.
4. The server computes the same signature with the user?s public key and compares it to the signature sent by the client. If they match, the user is authenticated.

Proposed correction:
1. The SSH client requests authentication of a given user to the server, this request includes the user's public key.
2. If a matching public key is on the server in that user's home directory, the server replies with a request for public key authentication accepted message.
3. The client sends back a signed message to the server where the signature is generated using the user's private key.
4. The server decrypts the signature using the user's public key and verifies that it's content is correct. If so, then the user is authenticated.