SSH – What Does SSH Send During Key Negotiation?

ssh

When explicitly specifying identity file to ssh:

ssh -i ./id_rsa ...

I have these lines in ssh debug trace:

debug1: Offering public key: ./id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply

Does it mean ssh-generated id_rsa contains public RSA exponent as well? id_rsa format seems to be rather explicit that it contains private key with its "BEGIN PRIVATE KEY" block, so "offering public key" must mean something other than "sending out the public key to the server".

EDIT:

To clarify, I want to know what exactly is going on behind the "offering public key" line. If the client holds multiple keys, they all will be offered to the server one by one.

Best Answer

In order to connect to an SSH server and authenticate with your public/private keypair, you have to first share your public key with the server.

This is done by copying the public key for your private key to the server and adding it to ~/.ssh/authorized_keys, either by copy/paste, by copying id_rsa.pub to ~/.ssh/authorized_keys on the server, or with cat id_rsa.pub >> ~/.ssh/authorized_keys, appending it to the list.

When you connect, the server uses your public key to sign a challenge, and your client uses your private key id_rsa to decrypt the challenge, re-encrypt it with the server's public host key and send it back.

The host verifies that you decrypted the challenge properly by decrypting your response with its private key, and the client/host establish an encrypted connection based on the shared data, not on your public/private keys.

At NO POINT in the exchange is your private key, or the host's private key, exchanged or revealed to one another. Your public key IS stored on the server, but that's why it is a PUBLIC key.
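For anyone who wants to see what the "Offering public key" step actually puts on the wire: per RFC 4252 section 7, the client first sends an SSH_MSG_USERAUTH_REQUEST for the "publickey" method with the signature flag set to FALSE and only the public key blob (for ssh-rsa: the key type, the public exponent e and the modulus n, RFC 4253 section 6.6), and the server answers SSH_MSG_USERAUTH_PK_OK or SSH_MSG_USERAUTH_FAILURE. The script below is an added example, not code from the original post or from OpenSSH; it builds and parses such a query against a toy authorized_keys entry. The user name, the key values TOY_E and TOY_N, and the toy server function are constructed for illustration and are not a real key.

```python
"""Added example (not from the original post): the "publickey" query request of
RFC 4252 section 7 and the ssh-rsa public key blob of RFC 4253 section 6.6.
All key values here are constructed toy numbers, not a real key."""
import base64
import struct

SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252 section 5
SSH_MSG_USERAUTH_FAILURE = 51   # RFC 4252 section 5.1
SSH_MSG_USERAUTH_PK_OK = 60     # RFC 4252 section 7

# Constructed toy RSA public parameters (far too small to be a usable key).
TOY_E = 65537
TOY_N = 0xC0FFEE1234567890ABCDEF0123456789


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement; a 0x00 byte is prepended
    when the high bit is set so the value stays positive."""
    if n == 0:
        return ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def read_string(buf: bytes, off: int):
    """Read one RFC 4251 string at offset; return (bytes, new offset)."""
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + length], off + length


def rsa_public_blob(e: int, n: int) -> bytes:
    """ssh-rsa public key blob: string "ssh-rsa", mpint e, mpint n (RFC 4253 6.6).
    Note there is no private material in here at all."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def parse_rsa_blob(blob: bytes):
    """Inverse of rsa_public_blob: return (key type, e, n)."""
    key_type, off = read_string(blob, 0)
    e_bytes, off = read_string(blob, off)
    n_bytes, off = read_string(blob, off)
    return key_type, int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")


def authorized_keys_line(blob: bytes, comment: str = "alice@example") -> str:
    """The authorized_keys / id_rsa.pub line is just the same blob, base64-encoded."""
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def blob_from_authorized_keys_line(line: str) -> bytes:
    return base64.b64decode(line.split()[1])


def pubkey_query(user: str, service: str, blob: bytes, algo: bytes = b"ssh-rsa") -> bytes:
    """The 'is this key acceptable?' request: publickey method, boolean FALSE,
    algorithm name and public key blob, and no signature (RFC 4252 section 7)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode()) + ssh_string(service.encode())
            + ssh_string(b"publickey") + b"\x00"
            + ssh_string(algo) + ssh_string(blob))


def parse_userauth_request(pkt: bytes) -> dict:
    """Decode a publickey SSH_MSG_USERAUTH_REQUEST into its fields."""
    if pkt[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    off = 1
    user, off = read_string(pkt, off)
    service, off = read_string(pkt, off)
    method, off = read_string(pkt, off)
    has_signature = pkt[off] != 0
    off += 1
    algo, off = read_string(pkt, off)
    blob, off = read_string(pkt, off)
    return dict(user=user, service=service, method=method,
                has_signature=has_signature, algo=algo, blob=blob)


def server_answer(pkt: bytes, authorized_lines) -> bytes:
    """Toy server (constructed for this example): answer PK_OK when the offered
    blob matches an authorized_keys entry, otherwise USERAUTH_FAILURE."""
    req = parse_userauth_request(pkt)
    allowed = {blob_from_authorized_keys_line(line) for line in authorized_lines}
    if req["method"] == b"publickey" and not req["has_signature"] and req["blob"] in allowed:
        return bytes([SSH_MSG_USERAUTH_PK_OK]) + ssh_string(req["algo"]) + ssh_string(req["blob"])
    # name-list of methods that may continue, plus partial-success = FALSE
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + ssh_string(b"publickey") + b"\x00"


def demo() -> int:
    """Run the query round trip; return the server's message number."""
    blob = rsa_public_blob(TOY_E, TOY_N)
    pkt = pubkey_query("alice", "ssh-connection", blob)
    reply = server_answer(pkt, [authorized_keys_line(blob)])
    return reply[0]


if __name__ == "__main__":
    blob = rsa_public_blob(TOY_E, TOY_N)
    print(authorized_keys_line(blob))
    print(parse_userauth_request(pubkey_query("alice", "ssh-connection", blob)))
    print("server replied with message", demo())
```

Running it prints the familiar "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB..." line (that prefix is simply the base64 of the string "ssh-rsa" and the three-byte exponent 65537), followed by the decoded request showing has_signature=False and a blob that decodes back to (e, n) only. The second, signed request that follows a PK_OK reply is what actually proves possession of the private key; it is not shown here.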