how SSH works ?
Ssh works by the exchange and verification of information, using public and private keys, to identify hosts and users. It then provides encryption of subsequent communication, also by the use of public/private key cryptography.
In describing ssh here, the term client means a workstation or PC that you are already logged in to, e.g., your own personal workstation or a group workstation that provides XDM session management for several X terminals. The term server means a secondary remote workstation that you wish to log in to to do some work; a login session server.
Put simply, the client is where you type "rlogin server" or "rcp file server:newfile" and the server is where you get a new login session and shell prompt or are copying files, respectively.
As a user, you generate an "identity" on the client system by running the ssh-keygen program. This program creates a subdirectory $HOME/.ssh and inserts in it two files named identity and identity.pub which contain your private and public keys for your account on the client system. This latter file can then be appended to a file $HOME/.ssh/authorized_keys that should reside on any/all servers where you will make ssh connections.
As a system administrator, you generate a public and private key pair for the system itself. By use of this information contained within the system itself, the possibility of someone spoofing the system's identity by faking IP addresses or munging up DNS records that associate IP addresses and domain names is removed. You would have to break into the system and steal its private key in order to sucessfully pretend to be that system. This is a big improvement in security.
The biggest task if you manage a large number of systems that are meant to be used together is collecting and distributing the keys that identify all the hosts which run ssh. Tools exist for handling this task: ssh includes the program make-ssh-known-hosts.pl (which requires POSIX.pm be installed in your Perl library directory) and another script is available on the Internet.
sourceL washington.com