Some questions about C14 SSH connection and encryption


#1

Hello,

I just subscribed to the C14 service, but I am still a little confused about how data is encrypted.

I created an archive with SSH connection enabled, and am using SFTP (FileZilla on Linux) to connect to the safe-deposit box. However, it seems that I need neither a password nor a keyfile to authenticate when I connect to the C14 server. Same when using scp via the command line. Can that be right?

Furthermore, am I right that when you encrypt the data for archiving you are generating a new symmetric encryption key that can then be downloaded and eventually deleted on the server by the user? In that case, why do I have to associate an SSH public key with an archive? What is that key actually used for?

Finally, I seem to be having a hard time getting a connection to your servers at all. 9 out of 10 times the connection times out, while the unique hostname given can be pinged just fine however. Is that exceptional or is it the level of availability I have to expect?

Thanks a lot!


#2

So nobody can help me with that? I would really like to understand what that SSH key is used for, and if anybody who knows the hostname and port can connect to my safety-deposit box.

Should I open a support ticket instead?

Or maybe I should translate my question into French? :wink:


#3

Ok… after some tinkering I think I know what’s going on.

In fact my SSH client automatically located the private key I generated that goes along with the public key associated with the archive, even though I gave it a non-default name. Apparently the “ssh-agent” on Linux scans the $HOME/.ssh/ directory for any keyfiles in there and automatically finds the right key when ssh attempts a public key authentication with a remote server. Pretty nifty actually.

I also found out that you do not actually need to select an SSH key when opening an archive with SSH connection, in which case only the password is used for authentication.

Finally, the archive is in fact symmetrically encrypted with a random passphrase generated by the server, which is totally independent from the SSH keys you can upload.
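
Added example, not part of the original posts and not C14's own tooling: a way to confirm which credential a client actually used, by summarising the verbose output of `ssh -v`. The sample log is constructed (user, key paths and fingerprints are placeholders), and its line formats are modelled on recent OpenSSH clients; older versions word these lines differently.

```shell
# Summarise which credential an OpenSSH client used, from `ssh -v` output on stdin.
# Real use (HOST and PORT are placeholders): ssh -v -p PORT user@HOST exit 2>&1 | ssh_auth_summary
ssh_auth_summary() {
    awk '
        /^debug1: Offering public key: / {
            # one line per key the client tried, whether from the agent or from a file
            n++
        }
        /^debug1: Server accepts key: / {
            sub(/^debug1: Server accepts key: /, "")
            accepted = $0
        }
        /^debug1: Authentication succeeded \(/ {
            method = $0
            sub(/^.*\(/, "", method); sub(/\).*$/, "", method)
        }
        END {
            if (method == "") { print "result=no-successful-auth"; exit 1 }
            print "method=" method
            if (method == "publickey") {
                # fields: key path, key type, fingerprint, optional source ("agent")
                split(accepted, f, " ")
                print "key_file=" f[1]
                print "fingerprint=" f[3]
                print "from_agent=" (f[4] == "agent" ? "yes" : "no")
            }
            print "keys_offered=" (n + 0)
        }
    '
}

# Constructed sample: two keys offered, the second one accepted by the server.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alice/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED-FINGERPRINT-A agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/alice/.ssh/c14_archive RSA SHA256:CONSTRUCTED-FINGERPRINT-B agent
debug1: Server accepts key: /home/alice/.ssh/c14_archive RSA SHA256:CONSTRUCTED-FINGERPRINT-B agent
debug1: Authentication succeeded (publickey).
EOF
}

sample_log | ssh_auth_summary
```

The reported fingerprint can be compared with `ssh-keygen -lf` on the public key file uploaded for the archive, and `ssh-add -l` lists the keys the agent currently holds.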