014.02.16.5. Setting up an SSH connection requires the remote host's public key, which may not always be obtained securely. How can one verify the authenticity of the remote host's public key to avoid being spoofed, and what are the challenges involved in this process?
The public key can encrypt a message but not decrypt it; hence, it doesn't matter who has access to it. The private key decrypts the message encrypted with the public key. It's easier to protect the private key because we need to keep only one copy of it, and it can't be transmitted. The authenticity of the remote host's public key can be verified without transmitting any keys.