
HP OpenVMS Systems Documentation


Introduction to Keys


SSH uses public-key cryptography to verify the identity of hosts as well as the identity of individual users. Public-key cryptography uses a pair of mathematically related keys. One key is public and is distributed to anyone who wants it; the other key is private and is known only to the owner. When a message is encrypted with a certain public key, it can only be decrypted by using the associated private key.

Host Keys

The SSH host public and private keys are asymmetric keys that distinguish and identify hosts. Specifically:

  • The server host provides its public key to connecting clients so that they can verify the identity of the server.

  • The client host provides its public key to the server so that the server can verify the identity of the client host during host-based authentication.

Host keys are created either during TCP/IP configuration by the TCPIP$CONFIG.COM command procedure, or manually by a system manager, using the SSH_KEYGEN utility, as described in Chapter 7.

NOTE: SSH for OpenVMS is configured with a single SSH service listening port (22) and a single host key. All incarnations of the SSH server process use the same host key.

User Keys

Public key authentication requires that a user also have a public-private key pair. The public key is published and distributed, or copied, to all the SSH servers with which the user communicates. The private key is kept on the local SSH client and must not be revealed to anyone except the key's owner. The user creates the public-private key pair by using the SSH_KEYGEN key generation utility (described in Chapter 7). The user's keys are used during public-key authentication. For information about the public-key authentication method, see Chapter 3.

Generating Keys

Keys are generated by using the SSH_KEYGEN utility, as described in Chapter 7. SSH_KEYGEN generates both user keys and host keys. For each key, the SSH_KEYGEN utility generates a pair of files: one containing the public key and one containing the private key. These files are used by the cryptographic algorithms.

Managing User Keys

A user might need several, even hundreds of keys. For example, you might use one key for each remote server to which you connect, or one key for each account on a remote server. The following utilities are available to help manage multiple keys:

  • SSH_AGENT helps you manage and use keys.

  • SSH_ADD helps you add private keys to the authentication agent.

For more information about these utilities, see Chapter 7.