Hi All,

I have used Public key authentication from a Unix SSH client to
another Unix SSH server and from a Windows SSH client to Unix SSH
client (all using OpenSSH). Now I wanted to know if it will be any
different when the client is a Unix SSH client connecting to a Windows
SSH server (with OpenSSH or Cygwin running as service).

Also what I am getting confused is where will the private and public
keys be stored. I need to be logged into Unix and from there I want to
establish an sftp (or scp) connection to the Windows SSH server using
public key authentication. So I intend to generate the keys on the
Unix host, the private key will be on the Unix host and the public key
I will transfer to the Windows user home directory. Does it really
matter where I generate the keys - or is the host name a factor in the
key generation?

Thanks in advance.

anokun7 <anoopkumarv@gmail.com> wrote:
> I have used Public key authentication from a Unix SSH client to
> another Unix SSH server and from a Windows SSH client to Unix SSH
> client (all using OpenSSH). Now I wanted to know if it will be any
> different when the client is a Unix SSH client connecting to a Windows
> SSH server (with OpenSSH or Cygwin running as service).

Not much. The software is a bigger difference. So if it's OpenSSH
everywhere, it should be pretty straightforward.

> Also what I am getting confused is where will the private and public
> keys be stored.

There are multiple sets of public/private keys. The server will have a
host key and the user may have another set of keys.

For user side, the client needs to authenticate to the server, so the
client has the secret (private) key and the server has public key.

> I need to be logged into Unix and from there I want to
> establish an sftp (or scp) connection to the Windows SSH server using
> public key authentication. So I intend to generate the keys on the
> Unix host, the private key will be on the Unix host and the public key
> I will transfer to the Windows user home directory. Does it really
> matter where I generate the keys - or is the host name a factor in the
> key generation?

Host name is not a factor. The key generator often sticks a host name
into the public key file as a comment, but it's just for you to keep
track of it. It's not part of the key.

From a security point of view, you want the secret (the private key) to
move around as little as possible, so most would suggest that you
generate the keys on the client, then copy and install the public
component on the server as authorization. But as far as the software is
concerned, it doesn't matter where they're generated as long as they end
up in the right place.

--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

anokun7 <anoopkumarv@gmail.com> wrote:
> I have used Public key authentication from a Unix SSH client to
> another Unix SSH server and from a Windows SSH client to Unix SSH
> client (all using OpenSSH). Now I wanted to know if it will be any
> different when the client is a Unix SSH client connecting to a Windows
> SSH server (with OpenSSH or Cygwin running as service).

Not much. The software is a bigger difference. So if it's OpenSSH
everywhere, it should be pretty straightforward.

> Also what I am getting confused is where will the private and public
> keys be stored.

There are multiple sets of public/private keys. The server will have a
host key and the user may have another set of keys.

For user side, the client needs to authenticate to the server, so the
client has the secret (private) key and the server has public key.

> I need to be logged into Unix and from there I want to
> establish an sftp (or scp) connection to the Windows SSH server using
> public key authentication. So I intend to generate the keys on the
> Unix host, the private key will be on the Unix host and the public key
> I will transfer to the Windows user home directory. Does it really
> matter where I generate the keys - or is the host name a factor in the
> key generation?

Host name is not a factor. The key generator often sticks a host name
into the public key file as a comment, but it's just for you to keep
track of it. It's not part of the key.

From a security point of view, you want the secret (the private key) to
move around as little as possible, so most would suggest that you
generate the keys on the client, then copy and install the public
component on the server as authorization. But as far as the software is
concerned, it doesn't matter where they're generated as long as they end
up in the right place.

--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

On Aug 14, 5:43 pm, Darren Dunham <ddun...@redwood.taos.com> wrote:
> anokun7 <anoopkum...@gmail.com> wrote:
> > I have used Public key authentication from a Unix SSH client to
> > another Unix SSH server and from a Windows SSH client to Unix SSH
> > client (all using OpenSSH). Now I wanted to know if it will be any
> > different when the client is a Unix SSH client connecting to a Windows
> > SSH server (with OpenSSH or Cygwin running as service).
>
> Not much. The software is a bigger difference. So if it's OpenSSH
> everywhere, it should be pretty straightforward.
>
> > Also what I am getting confused is where will the private and public
> > keys be stored.
>
> There are multiple sets of public/private keys. The server will have a
> host key and the user may have another set of keys.
>
> For user side, the client needs to authenticate to the server, so the
> client has the secret (private) key and the server has public key.
>
> > I need to be logged into Unix and from there I want to
> > establish an sftp (or scp) connection to the Windows SSH server using
> > public key authentication. So I intend to generate the keys on the
> > Unix host, the private key will be on the Unix host and the public key
> > I will transfer to the Windows user home directory. Does it really
> > matter where I generate the keys - or is the host name a factor in the
> > key generation?
>
> Host name is not a factor. The key generator often sticks a host name
> into the public key file as a comment, but it's just for you to keep
> track of it. It's not part of the key.
>
> From a security point of view, you want the secret (the private key) to
> move around as little as possible, so most would suggest that you
> generate the keys on the client, then copy and install the public
> component on the server as authorization. But as far as the software is
> concerned, it doesn't matter where they're generated as long as they end
> up in the right place.
>
> --
> Darren Dunham ddun...@taos.com
> Senior Technical Consultant TAOS http://www.taos.com/
> Got some Dr Pepper? San Francisco, CA bay area
> < This line left intentionally blank to confuse you. >



Thank you so much for the concise response. You ed clear up my
confusion.

Best regards.

On Aug 14, 5:43 pm, Darren Dunham <ddun...@redwood.taos.com> wrote:
> anokun7 <anoopkum...@gmail.com> wrote:
> > I have used Public key authentication from a Unix SSH client to
> > another Unix SSH server and from a Windows SSH client to Unix SSH
> > client (all using OpenSSH). Now I wanted to know if it will be any
> > different when the client is a Unix SSH client connecting to a Windows
> > SSH server (with OpenSSH or Cygwin running as service).
>
> Not much. The software is a bigger difference. So if it's OpenSSH
> everywhere, it should be pretty straightforward.
>
> > Also what I am getting confused is where will the private and public
> > keys be stored.
>
> There are multiple sets of public/private keys. The server will have a
> host key and the user may have another set of keys.
>
> For user side, the client needs to authenticate to the server, so the
> client has the secret (private) key and the server has public key.
>
> > I need to be logged into Unix and from there I want to
> > establish an sftp (or scp) connection to the Windows SSH server using
> > public key authentication. So I intend to generate the keys on the
> > Unix host, the private key will be on the Unix host and the public key
> > I will transfer to the Windows user home directory. Does it really
> > matter where I generate the keys - or is the host name a factor in the
> > key generation?
>
> Host name is not a factor. The key generator often sticks a host name
> into the public key file as a comment, but it's just for you to keep
> track of it. It's not part of the key.
>
> From a security point of view, you want the secret (the private key) to
> move around as little as possible, so most would suggest that you
> generate the keys on the client, then copy and install the public
> component on the server as authorization. But as far as the software is
> concerned, it doesn't matter where they're generated as long as they end
> up in the right place.
>
> --
> Darren Dunham ddun...@taos.com
> Senior Technical Consultant TAOS http://www.taos.com/
> Got some Dr Pepper? San Francisco, CA bay area
> < This line left intentionally blank to confuse you. >



Thank you so much for the concise response. You ed clear up my
confusion.

Best regards.