4
This seems far too simple and I feel like I might have missed something glaringly obvious, but what is actually happening when you use SSH without generating a key pair?
A variant on this question has been asked here and like the answer, I had always understood that without the key pair, SSH falls back to password authentication.
However, the Wikipedia article only describes two ways of using it. Both seem to involve key pairs, one manually generated and one automatically.
There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.
Another is to use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password
When I create an SSH connection to an unsecured server without a key pair, I'm prompted for my username and password, then I have access to the shell.
Is the password fallback an implementation detail and therefore not in the wiki? Has a keypair been automatically generated, as suggested (if so, how did the public key get to the server)? Or is it going on password alone.
If it's using only the password and username combination, is the data being encrypted at all? If so, how is it being encrypted?
Spot on! Thank you - this was really insightful. Yet another occurrence of a simple concept being as clear as mud on Wikipedia! – Dan Prince – 2015-03-14T19:39:00.050