security - How does SFTP work with keys?


I am new to SFTP and need to understand the following. I researched for half a day on the net but found no relevant answer.

What is the role of keys in SFTP: authentication or encrypting data?

My assumption: let's say I am using a computer named "source" and need to send a file to a computer named "destination".

Now I think the computer named "source" generates a pair of public and private keys, sends the public key to computer "destination", and keeps the private key secure.

Now I am confused, because if SFTP uses keys to encrypt data and computer "source" encrypts the data using the public key and sends it to computer "destination", the destination computer does not have the private key to decrypt the file, so how does it work?

On the other note, if the keys are used to authenticate, how does that work? Computer "source" has both the private and the public key, and computer "destination" has the public key. My understanding is that anyone can have the public key, so if a man in the middle has the public key and installs it on a PC, how does security work then?

There are 2 distinct concepts to understand:

  1. data encryption uses symmetric-key algorithms such as 3DES, AES, ...
  2. public key authentication uses asymmetric algorithms such as RSA, ECDSA, ...

From the sftp man page:

sftp is an interactive file transfer program, similar to ftp, which performs all operations over an encrypted ssh transport. It may also use many features of ssh, such as public key authentication [...]

From the ssh man page:

Public key authentication works as follows: The scheme is based on public-key cryptography, using cryptosystems where encryption and decryption are done using separate keys, and it is unfeasible to derive the decryption key from the encryption key. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key.

The data encryption algorithm can be selected with the -c option:

-c cipher_spec Selects the cipher specification for encrypting the session.

The supported ciphers are: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc [...]

  • The authentication keys (asymmetric) are stored in the ~/.ssh/ directory and are not used for data encryption.
  • The data encryption keys (symmetric) are created per session through a key exchange algorithm and are never communicated between client and server, even though the same key ends up present on both sides of the communication.

For more details, you can read the article on Digital Ocean: Understanding SSH encryption and connection process
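To make the two concepts concrete, here is an added example (not code from the question, the answer, or OpenSSH) that models one SSH/SFTP session in miniature with Go's standard library (crypto/ecdh needs Go 1.20 or newer): an ephemeral X25519 key exchange gives both sides the same symmetric session key without that key ever crossing the wire; the client proves its identity by signing the session hash with its long-term Ed25519 private key, which the server checks against the public key it holds; an impostor that holds the same public key but not the private key cannot produce a valid signature; and the file bytes are then protected with AES-256-GCM under the session key. The session hash construction, the use of AES-GCM in place of the ciphers listed under -c, the sample file contents and all function names are simplifications chosen for this example, not the exact wire format of the SSH transport.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Result records what each side observed; the fields are what a reader would
// want to check rather than anything printed.
type Result struct {
	KeysMatch        bool   // client and server derived the same session key
	AuthOK           bool   // server accepted the real client's signature
	ImpostorAccepted bool   // a MITM holding only the public key got in
	Recovered        []byte // file bytes the server decrypted
}

// deriveSessionKey models the key-exchange step: combine our own ephemeral
// private key with the peer's ephemeral public key, then hash the shared
// secret together with both public halves (a simplified stand-in for SSH's
// exchange hash). Only the public halves are ever transmitted.
func deriveSessionKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey, clientPub, serverPub []byte) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write(clientPub)
	h.Write(serverPub)
	h.Write(shared)
	return h.Sum(nil), nil // 32 bytes, used directly as an AES-256 key below
}

// signSession is the client's proof of identity: a signature over the session
// hash with its long-term private key (the file ssh-keygen keeps in ~/.ssh/).
func signSession(priv ed25519.PrivateKey, sessionID []byte) []byte {
	return ed25519.Sign(priv, sessionID)
}

// verifySession is what the server does with the public key from
// authorized_keys: it can check a signature, never create one.
func verifySession(authorized ed25519.PublicKey, sessionID, sig []byte) bool {
	return ed25519.Verify(authorized, sessionID, sig)
}

// newGCM builds the per-session symmetric cipher from the derived key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptSession protects file bytes with the session key; the nonce is
// prepended so the receiver can recover it.
func encryptSession(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptSession reverses encryptSession and fails on tampering or a wrong key.
func decryptSession(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// RunExchange plays both "source" (client) and "destination" (server).
func RunExchange(file []byte) (Result, error) {
	var r Result
	// Long-term authentication key pair on "source"; only the public half is
	// copied to "destination". (Assumed setup, constructed for this example.)
	clientPub, clientPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	authorizedKey := clientPub

	// Ephemeral key-exchange keys, generated fresh for this connection only.
	curve := ecdh.X25519()
	cEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	sEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	// On the wire: each side receives only the other's public bytes.
	cPubBytes, sPubBytes := cEph.PublicKey().Bytes(), sEph.PublicKey().Bytes()
	cPubAtServer, err := curve.NewPublicKey(cPubBytes)
	if err != nil {
		return r, err
	}
	sPubAtClient, err := curve.NewPublicKey(sPubBytes)
	if err != nil {
		return r, err
	}
	clientKey, err := deriveSessionKey(cEph, sPubAtClient, cPubBytes, sPubBytes)
	if err != nil {
		return r, err
	}
	serverKey, err := deriveSessionKey(sEph, cPubAtServer, cPubBytes, sPubBytes)
	if err != nil {
		return r, err
	}
	r.KeysMatch = bytes.Equal(clientKey, serverKey)

	// Authentication: sign the session hash; the server verifies with the
	// public key it already has. Signing the session hash ties the proof to
	// this connection, so it cannot be replayed into another one.
	sessionID := sha256.Sum256(append(append([]byte{}, cPubBytes...), sPubBytes...))
	r.AuthOK = verifySession(authorizedKey, sessionID[:], signSession(clientPriv, sessionID[:]))

	// A man in the middle who copied the public key still lacks the private
	// key; the best it can do is sign with a key of its own.
	_, impostorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	r.ImpostorAccepted = verifySession(authorizedKey, sessionID[:], signSession(impostorPriv, sessionID[:]))

	// Data transfer: the file travels under the symmetric session key.
	sealed, err := encryptSession(clientKey, file)
	if err != nil {
		return r, err
	}
	r.Recovered, err = decryptSession(serverKey, sealed)
	return r, err
}

func main() {
	r, err := RunExchange([]byte("constructed sample file contents"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("session keys match: %v, client authenticated: %v, impostor accepted: %v\n",
		r.KeysMatch, r.AuthOK, r.ImpostorAccepted)
	fmt.Printf("server recovered: %q\n", r.Recovered)
}
```

The point to take from it: the ~/.ssh key pair appears only in signSession/verifySession, and the file bytes are only ever touched by the symmetric session key that both sides computed locally, which is exactly the split the answer describes.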

