PrepAway - Latest Free Exam Questions & Answers

Which choice lists two actions that must occur first?

1D0-470
You installed SSH on an older Linux server. You want to allow users to authenticate securely. Which choice lists two actions that must occur first?


A.
Public keys must first be exchanged to enable data encryption, and then the system exchanges host keys to enable authentication without passwords.

B.
The system must exchange host keys to enable data encryption, and individual users must exchange public keys to enable authentication without passwords.

C.
A key pair must be obtained from a CA to enable data encryption, then host keys must be exchanged to enable authentication.

D.
A key pair must be obtained from a CA to enable authentication, then host keys must be exchanged to enable data encryption.

Explanation:
SSH uses a public-key scheme. First, public keys are exchanged to enable data encryption, then host keys are exchanged to enable authentication. SSH uses two different kinds of key pairs: host keys and user keys. The user keys are public.
Note 1: An SSH (Secure Shell Protocol) session is very similar to a Telnet session. An SSH session differs from Telnet in that your password is encrypted and not sent in the clear. OpenSSH is a free version of the SSH protocol suite.
Note on host keys:
Part of the SSH installation process is the generation of a host key (pair). The host key generated at setup time can be used by that host indefinitely, barring root compromise. Because the host key identifies the host, not individual users, each host needs only one host key. Note that host keys are used by all computers that run SSH regardless of
Using host keys, SSH can negotiate keys and set up encrypted sessions completely transparently to users.
Incorrect Answers:
A: First host keys, not user keys, are used to enable data encryption.
B: The public keys are exchanged first, not the host keys.
C: A key pair doesn’t have to be obtained from a CA; instead, host keys can be used to initiate data encryption.
D: A key pair doesn’t have to be obtained from a CA; instead, host keys can be used to initiate data encryption.

