In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>Am I right that ssh/sshd don't use ssh-keygen's keys when it comes to
>encrypting and decrypting the data they exchange during a session?

Yes. ssh-keygen creates a private/public key pair. These keys are used to
authenticate the users (~/.ssh/identity) or the hosts (/etc/ssh_host_key)
and to exchange keys at the start of the session and every
KeyRegenerationInterval afterwards.

>A different key is determined during initial negotiation between ssh
>and sshd. Ssh-keygen's identity/identity.pub key pairs are only used
>to secure the initial communication of this key from the host that
>generates it to the other host. Thereafter, this same negotiated key
>gets used on both sides-- ie, both for encryption and decryption--
>throughout the ensuing session.

The keys are not used throughout the session. They are re-created every
KeyRegenerationInterval or so. If you run an ssh connection in debugging
mode with -v you'll see it regenerating the keys without user intervention.
