Editing Secure Shell (section)

== Definition ==
SSH uses [[public-key cryptography]] to [[authentication|authenticate]] the remote computer and allow it to authenticate the user, if necessary.<ref name="rfc4252" />

SSH may be used in several methodologies. In the simplest manner, both ends of a communication channel use automatically generated public-private key pairs to encrypt a network connection, and then use a [[password]] to authenticate the user.

When the public-private key pair is generated by the user manually, the authentication is essentially performed when the key pair is created, and a session may then be opened automatically without a password prompt. In this scenario, the public key is placed on all computers that must allow access to the owner of the matching private key, which the owner keeps private. While authentication is based on the private key, the key is never transferred through the network during authentication. SSH only verifies that the same person offering the public key also owns the matching private key.

In all versions of SSH it is important to verify unknown [[public key]]s, i.e. [[Public-key cryptography#Associating public keys with identities|associate the public keys with identities]], before accepting them as valid. Accepting an attacker's public key without validation will authorize an unauthorized attacker as a valid user.