2

After reading "SSH Passwordless Login Using SSH Keygen in 5 Easy Steps", I came across the question: Are the keys generated by ssh-keygen only used in login authentication? I mean, if I want to modify ssh-keygen to support a new public-key cryptography method, it won't impact the data transfer except the login flow.

Sorry if it's a dumb question.

Nan Xiao

1 Answer

2

Yes, the keys you generate are only used to authenticate who you are. The actual encryption is handled after you authenticate.

So the initial communication to authenticate is asymmetric, using your generated keys to confirm who you are; then a set of symmetric keys is generated to encrypt the actual session.

Rather than me making a mess of explaining the actual details, here is an easy-to-understand breakdown: https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process.

Assuming you do change ssh-keygen, as long as it is a supported cryptography method the server can understand, it will not affect the integrity of the data in transit.

TrickyDupes
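An added example (not from the post or the linked tutorial): a small Python parser for OpenSSH client `ssh -v` debug lines that separates the negotiated key exchange and cipher from the type of user key offered for login, so two logins with different ssh-keygen key types can be compared. Both log samples are constructed and the function names are hypothetical.

```python
import re

# Constructed sample modelled on `ssh -v` client debug output (not from a real host).
LOG_TEMPLATE = """\
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: Offering public key: /home/demo/.ssh/{keyfile} {keytype} SHA256:CONSTRUCTED explicit
debug1: Authentication succeeded (publickey).
"""
RSA_LOGIN = LOG_TEMPLATE.format(keyfile="id_rsa", keytype="RSA")
ED_LOGIN = LOG_TEMPLATE.format(keyfile="id_ed25519", keytype="ED25519")

PATTERNS = {
    "kex": re.compile(r"kex: algorithm: (\S+)"),
    "host_key": re.compile(r"kex: host key algorithm: (\S+)"),
    "cipher_c2s": re.compile(r"kex: client->server cipher: (\S+)"),
    "cipher_s2c": re.compile(r"kex: server->client cipher: (\S+)"),
    "user_key": re.compile(r"Offering public key: \S+ (\S+) "),
}
# Fields that decide how the data stream itself is protected.
SESSION_FIELDS = ("kex", "cipher_c2s", "cipher_s2c")


def parse_session(log):
    """Return the first match of each pattern found in the debug log."""
    found = {}
    for line in log.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match and name not in found:
                found[name] = match.group(1)
    return found


def session_protection(parsed):
    """Keep only the negotiated key exchange and cipher fields."""
    return {field: parsed[field] for field in SESSION_FIELDS}


def compare(log_a, log_b):
    """Report the user key types and whether session protection matches."""
    a, b = parse_session(log_a), parse_session(log_b)
    return {"user_keys": (a["user_key"], b["user_key"]),
            "same_session_protection": session_protection(a) == session_protection(b)}


if __name__ == "__main__":
    print(compare(RSA_LOGIN, ED_LOGIN))
```

To use it on real sessions, save the stderr of `ssh -v` for each key (selected with `-i`) and pass the two texts to `compare`.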