- Bronze, 100 points or more
Hi every body!
my book shows the following configuration with regard to ssh.
eema(config)#line vty 0 15
eema(con-line)# transport input telnet ssh
eema(config)# username sarah password cisco
eema(config) # ip domain-name example.com
eema(config) # crypto key generate rsa
The command " show crypto key mypubkey rsa shows the following :
Since public key is predictable( all i need to know is domain name and the host name of the machine to drive public key), then how ssh is safe to use? it is safer than using telnet but it is not completely safe. Once i know the public key , i can decrypt the messages .
Thanks a lot!
"Since public key is predictable( all i need to know is domain name and the host name of the machine to drive public key)"
You can't derive the public key from just the domain name and the hostname of the machine. The public and private keys are run through a crypto algorithm to generate them. The domain name/hostname are simply used as part of the seed value.
"Once i know the public key , i can decrypt the messages ."
Actually it's a fair bit more complicated than this.
If you want to encrypt/decrypt you do not encrypt with the private key and decrypt with the public key because as you say any one could then decrypt your messages.
There are primarily 2 uses of public/private keys but a couple of points first.
Most important point to note is anyone has access to public key but only you have access to private key.
Data encrypted with one of the key pair can be decrypted with the other key.
Asymmetric encryption = a pair of keys one public and one private used for encryption/decryption.
Symmetric encryption = same key is used to encrypt and decrypt data.
Uses of public/private keys.
1) Encrypt/decrypt. Note that you don't generally encrypt/decrypt all data with these keys because you actually use symmetric encryption/decryption for large amounts of data - see last paragraph for further details.
If you wanted to send an encrypted message to me you would need my public key. My public key is freely available. You then encrypt the data with my public key. The only person who can decrypt this message is me because only i have the private key.
2) Message integrity/digital signing.
You want to send me a message and you don't care whether anyone can view it so it doesn't need to be encrypted. But you do care that i can verify it was from you.
So you run the data through an algorithm such as MD5/SHA together with your private key. When i receive it i use your public key and run the same algortithm. If it checks out okay i know the message came from you because only you have your private key.
Data encryption/decryption using public/private keys is computationally very expensive. So the public/private keys are used to securely exchange a symmetric key which is then used to encrypt/decrypt the data. But all the above still applies.