Date: Wed, 18 Mar 1998 12:20:06 -0800 From: Studded <Studded@dal.net> To: Jos Backus <J.G.E.Backus@urc.tue.nl> Cc: questions@FreeBSD.ORG Subject: Re: ssh and scp Message-ID: <35102C76.C9EC18E@dal.net> References: <350E6BC8.41C67EA6@wired.ctech.ac.za> <19980317130555.37679@mph124.rh.psu.edu> <19980318111124.A13158@asterix.urc.tue.nl> <19980318114401.64487@excite.com> <19980318133321.A23040@asterix.urc.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Jos Backus wrote: > > Hello Martijn, > > On Wed, Mar 18, 1998 at 11:44:01AM +0000, Martijn Koster wrote: > > > What prevents somebody from storing my public key in his ~/.ssh/identity.pub > > > and logging into server as me? > > > > The fact that only _you_ have your private key (~/.ssh/identity), with > > which you essentially prove the corresponding public key is yours. > > OK, this check is what I was missing in this picture. I wonder how this > verification process works, though. If I have a person's public key, how can > this person (using his private key) prove to me that it indeed is his? > > [Maybe we should take this thread out of -questions...] No, it's a perfectly good -questions question, it's just that security and authentication issues aren't easy to deal with or understand sometimes. :) The answer to your question essentially is that "that's how it works." The way ssh is set up is that you generate your private key, then the information in the private key is used to generate your public key. The ssh program knows how to fit the pieces together when you try to make a connection. If you want a lot more detail than this try installing pgp from the ports and read the essays that are included there. The system in ssh is very similar. Have fun, Doug -- *** Chief Operations Officer, DALnet IRC network *** *** Proud operator, designer and maintainer of the world's largest *** Internet Relay Chat server. 5,328 clients and still growing. *** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35102C76.C9EC18E>