On Fri, Feb 11, 2000 at 01:47:11AM +0800, Ronald Tin wrote:
> I just noticed a strange thing....
>
> In the default /etc/ssh/sshd_config there is a line "ServerKeyBits 768",
> however, the post-installation script creates a key with 1024 bits.
>
> I thought the ServerKeyBits option should correspond to
> the host key as generated by the script?
>
> Is it a bug, or did I misunderstand something?

Different keys. The hostkey is used to verify the host is who it says it is. How that works: the first time a client connects, it's given the public host key (it would be more secure to get this directly from the admin but...). The client then encrypts a random token with that public key and sends it to the server; if the server sends the decrypted token back, the client knows the server is who it says it is (this of course assumes you did not get a bogus public key in the first place).

ServerKeyBits refers to the encryption key that is generated on the fly when sshd starts; it's used to actually encrypt the session traffic. It's never saved to disk and is regenerated every hour or so (defined in sshd_config as well).

--
Ethan Benson
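
Added example, not part of the original message: a small Python check that reads the two key sizes from their separate sources, showing why "ServerKeyBits 768" and a 1024-bit host key can coexist. The sample config and public key line are constructed; `KeyRegenerationInterval` is the OpenSSH option name for the regeneration setting (the message does not name it), and the function names are hypothetical.

```python
import re

# Constructed sample config (not a real host's file). The repeated keyword
# shows that OpenSSH keeps the first value it reads for a keyword.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
KeyRegenerationInterval = 3600
serverkeybits 1024
"""

# Constructed stand-in for ssh_host_key.pub in the SSH-1 text format
# "bits exponent modulus comment". The modulus is a dummy 1024-bit number.
SAMPLE_HOST_PUB = f"1024 35 {(1 << 1023) | 1} root@example"


def parse_sshd_config(text):
    """Map each lowercased keyword to the first value given for it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1])
    return settings


def host_key_bits(pub_line):
    """Return the modulus size of an SSH-1 public key line, checking the declared size."""
    declared, _exponent, modulus = pub_line.split()[:3]
    actual = int(modulus).bit_length()
    if actual != int(declared):
        raise ValueError(f"declared {declared} bits, modulus has {actual}")
    return actual


def key_report(config_text, pub_line):
    """Collect the settings for the two keys side by side."""
    cfg = parse_sshd_config(config_text)
    return {
        "host_key_file": cfg.get("hostkey"),           # persistent key, stored on disk
        "host_key_bits": host_key_bits(pub_line),      # fixed when the key was generated
        "server_key_bits": int(cfg["serverkeybits"]),  # in-memory key made when sshd starts
        "regen_seconds": int(cfg["keyregenerationinterval"]),
    }


if __name__ == "__main__":
    print(key_report(SAMPLE_SSHD_CONFIG, SAMPLE_HOST_PUB))
```
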