LX0-104 · Question #687
What is true regarding public and private SSH keys? (Choose two correct answers.)
The correct answer is B. The private key must never be revealed to anyone. D. To maintain the private key's confidentiality, the SSH key pair must be created by its owner.. SSH private keys must be kept confidential by their owner, who should also be responsible for their creation, to ensure secure remote access.
Question
Options
- ASeveral different public keys may be generated for the same private key.
- BThe private key must never be revealed to anyone.
- CFor each user account, there is exactly one key pair that can be used to log into that account.
- DTo maintain the private key's confidentiality, the SSH key pair must be created by its owner.
- ETo allow remote logins, the user's private key must be copied to the remote server.
How the community answered
(21 responses)- A5% (1)
- B95% (20)
Why each option
SSH private keys must be kept confidential by their owner, who should also be responsible for their creation, to ensure secure remote access.
Only one public key is mathematically derived from and corresponds to a given private key; it is not possible to generate several different public keys for the same private key.
The private key is the secret part of an SSH key pair and must always remain confidential, as its compromise grants unauthorized access to systems configured with the corresponding public key.
A single user account can use multiple SSH key pairs to log in, as numerous public keys can be added to the `authorized_keys` file for that user.
Generating the SSH key pair by its owner is essential for maintaining the private key's confidentiality, ensuring that no one else has initial access to the secret component.
To enable remote logins using SSH keys, the user's public key (not the private key) must be copied to the remote server's `~/.ssh/authorized_keys` file.
Concept tested: SSH key pair management and security
Source: https://www.ssh.com/academy/ssh/key-pair
Topics
Community Discussion
No community discussion yet for this question.