The concept of public-key cryptography was introduced in 1976 by Whitfield Diffie and Martin Hellman[1] to solve the key management problem. In their concept, each person gets a pair of keys, one called the public key and the other called the private key. Each person's public key is published while the private key is kept secret. The need for the sender and receiver to share secret information is eliminated. All communications involve only public keys, and no private key is ever transmitted or shared.
The only requirement is that public keys are associated with their users in a trusted (authenticated) manner (for instance, in a trusted directory).
The principal idea behind PKE is anyone can send a confidential message by utilizing public information, the public key, but the message can only be decrypted with a private key, which is in the sole possession of the intended recipient.
In the context of ssh, this means that a user generates a public key (i.e., the content of WOMBATNET:$HOME/.ssh/id_dsa.pub) and a private key (i.e., the content of WOMBATNET:$HOME/.ssh/id_dsa), in the case of DSA[2] encryption, as in 3.1. An individual's public key is than placed on a remote system to be used for authentication (i.e. chinookfe:$HOME/.ssh/authorized_keys2). This means that for anyone to access the account on the remote system (chinookfe) via ssh they must possess the private key that corresponds to that account. An individual can also have multiple public keys residing in their authentication file on the remote system. The benefit of this is that a high degree of granularity can be established with regard to instantiating secure connections to a remote system.
Typically, private keys are further protected by encrypting them on the filesystem where they are stored. This prevents an intruder from using your private key even if they gain access to the filesystem it resides on.
If you have questions about this document, please contact SCD Customer Support. You can also reach us by telephone 24 hours a day, seven days a week at 303-497-1278. Additional contact methods: consult1@ucar.edu and during business hours in NCAR Mesa Lab Suite 39.