8

I know that the client needs a client key-pair for client authentication; the Client sends its public key to the Server for it to encrypt a challenge, which will be decrypted by the Client to authenticate the Client.

I also know that before authenticating the Client, the Client needs to authenticate the Server by storing the host public key in ~/.ssh/known_hosts.

However, why does the Server need a host key-pair? It seems like only the host's public key is needed; why do we need asymmetrical keys for this?

StevenDaGee

2 Answers

5

You already understand quite well how public key cryptography works and how the client is authenticated to the server using public key authentication.

The same thing is needed in the other direction. The Internet and computer networks are an evil place, and it is quite easy to redirect traffic, spoof DNS, or somehow make you connect to an evil host that would like to capture your password or other sensitive information. And it cannot be ensured using the public key only, because anyone can send you this public key, but only the server you want to connect to can send you a signature of your data that you can verify using the public key of the host.

Jakuje
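
The point of the answer above, as an added example that is not code from the original post: a simplified Go model of the SSH key exchange in which the session secret comes from ephemeral X25519 Diffie-Hellman and the host private key is used only to sign the exchange hash. The function names and the reduced exchange hash are assumptions made for illustration; real SSH hashes more fields (version strings and negotiation payloads).

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// exchangeHash is a simplified stand-in (assumption) for SSH's exchange hash H.
func exchangeHash(cEph, sEph, hostPub, secret []byte) []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{cEph, sEph, hostPub, secret}, nil))
	return sum[:]
}

// serve claims hostPub as its host key and signs the exchange hash with signKey.
func serve(cEph []byte, hostPub ed25519.PublicKey, signKey ed25519.PrivateKey) (sEph, sig []byte) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	secret := must(eph.ECDH(must(ecdh.X25519().NewPublicKey(cEph))))
	sEph = eph.PublicKey().Bytes()
	return sEph, ed25519.Sign(signKey, exchangeHash(cEph, sEph, hostPub, secret))
}

// connect is the client: the key must match known_hosts AND the signature must verify.
func connect(pinned, claimed ed25519.PublicKey, signKey ed25519.PrivateKey) bool {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	cEph := eph.PublicKey().Bytes()
	sEph, sig := serve(cEph, claimed, signKey)
	secret := must(eph.ECDH(must(ecdh.X25519().NewPublicKey(sEph))))
	h := exchangeHash(cEph, sEph, claimed, secret)
	return bytes.Equal(claimed, pinned) && ed25519.Verify(pinned, h, sig)
}

// demo: genuine host, impostor replaying the public key, impostor with its own key pair.
func demo() (bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	evilPub, evilPriv, _ := ed25519.GenerateKey(rand.Reader)
	return connect(pub, pub, priv), connect(pub, pub, evilPriv), connect(pub, evilPub, evilPriv)
}

func main() { fmt.Println(demo()) }
```

Only the first connection is accepted: knowing the host's public key is not enough to produce a signature over a hash that includes the client's fresh ephemeral key.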
1

When the SSH connection is established, the server encrypts the session key with its private key and the client decrypts it with the server's public key. Also, to prove the server has the private key related to the public key it claims to have, it has to encrypt (sign) something with the private key. Otherwise, you can get the public key of any server and say it is yours although you don't own the key. It is a bit more complicated than this, but that is the simple version.

See https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process for how the SSH connection is established.

schroeder
Fis
  • I'm confused, it seems that the session key is passed using Diffie-Hellman. They specifically say that the TCP shared secret part uses a key "different than the private SSH key used for authentication" – StevenDaGee May 31 '17 at 09:06