Implementation Issues

There are many differences among the current crop of SSH implementations: features that aren’t dictated by the protocols, but are simply inclusions or omissions by the software authors. Here we discuss a few implementation-dependent features of various products:

  • Host keys

  • Authorization in hostbased authentication

  • SSH-1 backward compatibility

  • Randomness

  • Privilege separation

3.6.1 Host Keys

SSH host keys are long-term asymmetric keys that distinguish and identify hosts running SSH, or instances of the SSH server, depending on the SSH implementation. This happens in two places in the SSH protocol:

  • Server authentication, which verifies the server host’s identity to connecting clients. This process occurs for every SSH connection.[20]

  • Authentication of a client host to the server; used only during RhostsRSA or hostbased user authentication.

Unfortunately, the term “host key” is confusing. It implies that only one such key may belong to a given host. This is true for client authentication but not for server authentication, because multiple SSH servers may run on a single machine, each with a different identifying key.[21] This so-called “host key” actually identifies a running instance of the SSH server program, not a machine.

OpenSSH maintains a single database serving both server authentication and client authentication. It is the union of the system’s known_hosts file (/etc/ssh/ssh_known_hosts), together with the user’s ~/.ssh/known_hosts file on either the source machine (for ...
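As an added illustration (this is not code from the book or from OpenSSH), the following Python model shows how a client consults that union of system and user known_hosts files when a server presents its key: entries for a non-standard port use the `[host]:port` form, so the same machine can legitimately carry a different key per server instance, while a same-type key that differs from the stored one is reported as a mismatch. The sample file contents, the placeholder key blobs and the fixed salt are constructed; the hashed-entry form `|1|salt|HMAC-SHA1(host)` is the one OpenSSH writes with HashKnownHosts enabled, and wildcard, negation and certificate-authority entries are deliberately not modelled.

```python
import base64
import hashlib
import hmac


def host_pattern(host: str, port: int = 22) -> str:
    """Name looked up in known_hosts: bare host on port 22, [host]:port otherwise."""
    return host if port == 22 else f"[{host}]:{port}"


def hash_host(name: str, salt: bytes) -> str:
    """Build a hashed known_hosts host field: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def _entry_matches(entry: str, name: str) -> bool:
    """Compare one comma-separated host entry (plain or hashed) against a lookup name."""
    if entry.startswith("|1|"):
        _, _, salt_b64, _ = entry.split("|")
        return hmac.compare_digest(hash_host(name, base64.b64decode(salt_b64)), entry)
    return entry == name  # wildcards (*, ?) and ! negation are not handled in this model


def check_host_key(files: list[str], host: str, port: int, keytype: str, blob: str) -> str:
    """Return 'ok', 'revoked', 'mismatch' or 'unknown' for the key a server presented."""
    name = host_pattern(host, port)
    seen_same_type = False
    for text in files:  # system file and user file are searched as one union
        for line in text.splitlines():
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            marker = None
            if fields[0].startswith("@"):  # @revoked / @cert-authority markers
                marker, fields = fields[0], fields[1:]
            if len(fields) < 3 or marker == "@cert-authority":
                continue  # CA lines apply to certificates, not plain host keys
            if not any(_entry_matches(e, name) for e in fields[0].split(",")):
                continue
            if fields[1] != keytype:
                continue
            if marker == "@revoked":
                if fields[2] == blob:
                    return "revoked"
                continue
            if fields[2] == blob:
                return "ok"
            seen_same_type = True  # same host and key type, different key: changed key
    return "mismatch" if seen_same_type else "unknown"


# Constructed sample databases; key blobs are placeholders, not real keys.
_SALT = bytes(range(20))  # fixed salt so the hashed sample line is reproducible
SYSTEM_KNOWN_HOSTS = "# /etc/ssh/ssh_known_hosts (constructed)\nfileserver,10.0.0.5 ssh-ed25519 AAAAPLACEHOLDER-KEY-ONE\n"
USER_KNOWN_HOSTS = (
    "[fileserver]:2222 ssh-ed25519 AAAAPLACEHOLDER-KEY-TWO\n"  # second server instance, own key
    "@revoked fileserver ssh-rsa AAAAPLACEHOLDER-OLD-RSA\n"
    + hash_host("backup", _SALT) + " ssh-ed25519 AAAAPLACEHOLDER-KEY-THREE\n"
)
DB = [SYSTEM_KNOWN_HOSTS, USER_KNOWN_HOSTS]
```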
