How does SSH work?
SSH works by the exchange and verification of information, using public and private keys, to identify hosts and users. The ssh-keygen command creates a directory ~/.ssh and files that contain your authentication information, The public key is stored in ~/.ssh/identity.pub and the private key is stored in ~/.ssh/identity. Share only your public key. Never share your private key. To further protect your private key you should enter a passphrase to encrypt the key when it is stored in the file system. This will prevent people from using it even if they gain access to your files. One other important file is ~/.ssh/authorized_keys. Append your public keys to the authorized_keys file and keep the same copy of it on each system where you will make ssh connections. Once your identity has been created use the ssh command, much like telnet, to connect to a remote system.
SSH uses a protocol called port forwarding. This means that it tunnels the necessary ports for Web browsing (port 80), Email send and receive (ports 25 and 110), Usenet (port 119) through an encrypted tunnel (port 22). Any adversary attempting to read your data passing in either direction can only know that a, it is encrypted and b, it is passing through port 22 on your computer. They cannot even determine whether your Web browsing or sending Email. Note: This is not strictly true. I have heard a spokesman for the British Government claim that even encrypted traffic can give information of the type of traffic being passed. But the big idea is that they cannot read that traffic! The method is simple but very secure. Your desktop SSH program (called the client) asks for a connection to the remote host server. The host replies with its DSA public key. Your desktop checks this key against previous connections and alerts you if it is different, which might suggest someone was intercepting y
