If you didn't create a keypair, you probably do not have one.
SSH2 traffic is encrypted with a symmetric session key established using DH, ECDH algorithms or GSSAPI key exchange. Neither the host key nor the user key are used for encrypting data – their only purpose is authentication.
Now remember that SSH supports several authentication methods: in addition to publickey, almost all servers accept the simple password and/or keyboard-interactive, in which no key generation or usage takes place – the password is simply sent to the remote server for verification.
In other words, "since I've already established ssh connections before, they must be somewhere" is incorrect – the user keypair is not necessary for establishing connections.
If you did create a keypair, it will likely be in ~/.ssh/id_* – for example, id_rsa for the default RSA keypair, id_ecdsa for ECDSA, id_dsa for DSA. Although these files contain both private and public parts of the keypair, the public part is usually automatically extracted into a separate id_*.pub file for convenience (id_rsa.pub for id_rsa and so on).
Does that mean that if I was never asked to generate SSH keys that RSA has never been used? In other words, that some asymmetric algorithm was used to share the session key, but that the temporary public/private keys for connection weren't stored on my computer? – None – 2011-12-20T23:18:54.213
That's exactly right. Actually, the encryption is symmetric -- asymmetric algorithms aren't well suited for streaming. The Diffie-Hellman is used to generate a session key for the symmetric encryption. If you instead use a public/private key pair, they're used in some other handshake to create a session key for the symmetric algorithm. – Charlie Martin – 2011-12-20T23:23:59.343
@mieli: No. They were never created in the first place. publickey is only one possible authentication method of many; if you simply logged in using password or keyboard-interactive, the password itself was sent. (Note: Do not confuse the user key, the host key, and the session keys.) – user1686 – 2011-12-20T23:25:01.000
@grawity we're mostly agreeing here but let's be a little careful. Diffie-Hellman key exchange is related to RSA and other asymmetric encryption algorithms and is essentially asymmetric, since both sides of the exchange have their own "half" of the eventual agreement. They do have two parts of the key, and the eventual key and the exact process to build it are discarded at end of session. They're not, however, the public and private parts of an RSA pair. – Charlie Martin – 2011-12-22T00:50:52.380
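A way to check the point made in the answer above on your own machine, added here as an example that is not part of the original answer or comments: the script lists the user keypairs in an SSH directory using the id_* naming the answer describes, and says so when there are none. The function name list_ssh_keypairs is a hypothetical helper, not an OpenSSH tool.

```shell
#!/bin/sh
# Added example: report which user keypairs exist in an SSH directory.
# list_ssh_keypairs is a hypothetical helper name, not part of OpenSSH.

list_ssh_keypairs() {
    dir=$1
    found=0
    for key in "$dir"/id_*; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$key" ] || continue
        # id_*.pub files are the extracted public halves, not keypairs.
        case $key in *.pub) continue ;; esac
        found=1
        name=${key##*/}
        if [ -f "$key.pub" ]; then
            echo "$name pub=present"
        else
            echo "$name pub=missing"
            # The private file holds both parts, so the public part can be
            # re-derived from it with ssh-keygen -y.
            echo "  hint: ssh-keygen -y -f $key > $key.pub" >&2
        fi
    done
    if [ "$found" -eq 0 ]; then
        # Expected when every login so far used password or
        # keyboard-interactive authentication.
        echo "no user keypair in $dir"
        return 1
    fi
    return 0
}

# Stand-alone run: inspect the given directory, or ~/.ssh by default.
list_ssh_keypairs "${1:-${HOME:-.}/.ssh}" || true
```

Files such as known_hosts are ignored because they do not match id_*; keys stored under other names will not be listed.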