XK0-005 Question #801: Real Exam Question with Answer & Explanation

Question

Which of the following describes how a user's public key is used during SSH authentication?

Options

• AThe user's public key is used to hash the password during SSH authentication.
• BThe user's public key is verified against a list of authorized keys. If it is found, the user is allowed
• CThe user's public key is used instead of a password to allow server access.
• DThe user's public key is used to encrypt the communication between the client and the server.

Explanation

During SSH public key authentication, the server verifies the client's presented public key against the authorized_keys file in the user's home directory. If a match is found, the server challenges the client to prove ownership of the corresponding private key, and upon successful proof, grants access.

Common mistakes.

• A. Public keys are used for encryption and verification, not for hashing passwords during authentication; passwords are typically hashed on the client side before being sent, or not used at all with key-based auth.
• C. While public key authentication replaces password authentication, it's not simply "used instead of a password to allow server access"; there's a cryptographic challenge-response mechanism involved to prove ownership of the private key.
• D. The user's public key is primarily for authentication, not for encrypting the entire communication between client and server; symmetric keys are negotiated for data encryption after authentication.

Concept tested. SSH public key authentication, authorized_keys, cryptographic challenge

Reference. https://www.ssh.com/academy/ssh/authentication/public-key

No community discussion yet for this question.