From owner-freebsd-questions@FreeBSD.ORG Tue Sep 19 23:26:22 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FFA516A40F for ; Tue, 19 Sep 2006 23:26:22 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0795343D49 for ; Tue, 19 Sep 2006 23:26:21 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin07-en2 [10.13.10.152]) by smtpout.mac.com (Xserve/8.12.11/smtpout07/MantshX 4.0) with ESMTP id k8JNQLK4019579; Tue, 19 Sep 2006 16:26:21 -0700 (PDT) Received: from [17.214.13.96] (a17-214-13-96.apple.com [17.214.13.96]) (authenticated bits=0) by mac.com (Xserve/smtpin07/MantshX 4.0) with ESMTP id k8JNQGcq010466; Tue, 19 Sep 2006 16:26:20 -0700 (PDT) In-Reply-To: <20060919223808.GF18329@zloy.stilyagin.com> References: <20060919165400.A4380@prime.gushi.org> <20060919212242.97964.qmail@web83102.mail.mud.yahoo.com> <20060919223808.GF18329@zloy.stilyagin.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <8AB47C58-3A82-438C-9482-24655EB46665@mac.com> Content-Transfer-Encoding: 7bit From: Chuck Swiger Date: Tue, 19 Sep 2006 16:26:15 -0700 To: Darrin Chandler X-Mailer: Apple Mail (2.752.2) X-Brightmail-Tracker: AAAAAA== X-Brightmail-scanned: yes Cc: questions@freebsd.org Subject: Re: sshd brute force attempts? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2006 23:26:22 -0000 On Sep 19, 2006, at 3:38 PM, Darrin Chandler wrote: > I think this isn't needed, and is somewhat silly. Like all (decent) > implementations of pubkey, the key is only used to authenticate and > exchange a symetric session key. So the pubkey sees little actual use, > compared with the session key. > > Anyone who knows better please correct me. That's about right. The (typical) 1024-bit RSA or DSA keypair is only used during the initial authentication stage; the symmetric authentication negotiated during the initial phase (typically 128-bit 3DES, or now AES128 or AES256) is used for the rest of the connection. SSHv2 protocol does an initial negotiation to figure out the best symmetric encryption and message-digest algorithm that both sides support (SSH2_MSG_KEXINIT), they then perform a Diffie-Helman group exchange (see RFC-4419, describing the SSH2_MSG_KEX_DH_GEX_REQUEST stage) to negotiate a shared secret which is signed by the host key of the server in order to provide reasonably strong host-based authentication. Only if that passes (ie, the client tests the signature using the public host key for the server), do the sides proceed to do user authentication via the SSH2_MSG_NEWKEYS stage, where the client uses the user's private key to sign the shared secret (well, actually, an "exchange hash" containing the shared secret and other things like the version # strings as well as the host key), which the server then checks to see is valid by using the public key of that user (ie, in ~/.ssh/authorized_keys) to decrypt and compare with the shared secret ("exchange hash") they negotiated in the first stage. The full gory details are in RFC-4253 & 4254. -- -Chuck