Confused between HostKey and Public/Private key

[dverbern]

I'm embarrassed to admit that despite reading through several articles on public key encrytion and the benefits of hostkey as a protection against man-in-the-middle attacks, I'm still unclear whether there is overlap between the concepts of the hostkey and generating public/private key pairs.

Are they entirely separate processes?

[bgagnon]

Hi dverbern,

Completely and entirely separate.
(But often confused, so we are glad you asked.)

The host key is the server proving its identity to the client. That's why a fingerprint is provided. So that the end user can verify the identity with the admin of the SSH/SFTP server.

More information on the importance of Host Keys within the Secure Shell protocol can be found in this whitepaper on our website.

Until key exchange is complete/successful, the connection cannot continue.

Public/private key authentication is the client proving who it claims to be to the server. It's one of several forms of authentication that may be supported by the SSH/SFTP server (there's also GSSAPI, password, keyboard-interactive).

Does this info help?