Subject: Newbie Question on Private Key

From: Scott Weber <scotty2540_at_gmail.com>
Date: Mon, 28 Dec 2020 09:15:42 -0600

Hello,
I am a new one here, and I am trying to understand this library. I find
the doc rather lacking; however, the examples are very helpful (maybe
someday I can help improve the doc... but not as a newbie).

I have sshd running on a Linux machine, and I'm connecting from a Windows
client app I'm developing. It is working, but there are things I am not
clear about.

First correct me if I'm wrong, but the protocol seems to use a PKI, but not
certificates. So the public/private exchange is used to generate the
symmetric key, like SSL, but there is no requirement for a CA.

Now connecting as a client, the function
libssh2_userauth_publickey_fromfile(...) requires BOTH the public and
private key.
Why?
Having both keys out in the wild seems to be a serious security risk.

Also, I've done some testing, and it appears that only the private key is
needed. I can NULL out the public key (and yet the function name is
"... publickey_fromfile").
Again, why?

I have both keys also on the Linux server, but it appears (via the conf)
that the server only uses the public key.
It would seem that putting the public key "out in the wild" and keeping the
private key on the server is the normal step, at least when creating SSL
handshakes.

Would it function if I placed the private key in the authorized_keys file
on the server, and used the public key on the client?

And educational advice is appreciated.

Scott Weber
Scotty2540_at_gmail.com

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2020-12-28
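
The observation in the post that the private key file alone is enough fits the layout of the OpenSSH private key format ("openssh-key-v1"), which stores the public key unencrypted next to the private section. The following is an added example, not code from the original post or from libssh2, and it does not claim to show how libssh2 itself obtains the public key; the sample key is constructed from placeholder bytes and the function names are hypothetical.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"


def _string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key file")
    return buf[off + 4:end], end


def public_from_private(pem_text):
    """Return the authorized_keys-style public key stored in the key file."""
    lines = pem_text.strip().splitlines()
    raw = base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))
    if not raw.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    off = len(MAGIC)
    for _ in range(3):                      # ciphername, kdfname, kdfoptions
        _, off = _string(raw, off)
    (nkeys,) = struct.unpack_from(">I", raw, off)
    if nkeys != 1:
        raise ValueError("expected exactly one key")
    pub_blob, off = _string(raw, off + 4)   # public section, outside the encrypted part
    key_type, _ = _string(pub_blob, 0)
    return key_type.decode() + " " + base64.b64encode(pub_blob).decode()


def _s(b):
    """Encode bytes as an SSH 'string'."""
    return struct.pack(">I", len(b)) + b


# Constructed sample: correct layout, placeholder bytes instead of real key material.
PUB_BLOB = _s(b"ssh-ed25519") + _s(bytes(range(32)))
RAW = (MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
       + _s(PUB_BLOB) + _s(b"\x00" * 8))    # last field stands in for the private section
SAMPLE = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
          + base64.b64encode(RAW).decode()
          + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(public_from_private(SAMPLE))
```

The returned line has the form a server expects in authorized_keys, and nothing from the private section is needed to produce it.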