From owner-freebsd-questions Wed Mar 18 12:20:44 1998
Message-ID: <35102C76.C9EC18E@dal.net>
Date: Wed, 18 Mar 1998 12:20:06 -0800
From: Studded
Organization: Triborough Bridge & Tunnel Authority
To: Jos Backus
CC: questions@FreeBSD.ORG
Subject: Re: ssh and scp
References: <350E6BC8.41C67EA6@wired.ctech.ac.za> <19980317130555.37679@mph124.rh.psu.edu> <19980318111124.A13158@asterix.urc.tue.nl> <19980318114401.64487@excite.com> <19980318133321.A23040@asterix.urc.tue.nl>

Jos Backus wrote:
>
> Hello Martijn,
>
> On Wed, Mar 18, 1998 at 11:44:01AM +0000, Martijn Koster wrote:
> > > What prevents somebody from storing my public key in his ~/.ssh/identity.pub
> > > and logging into server as me?
> >
> > The fact that only _you_ have your private key (~/.ssh/identity), with
> > which you essentially prove the corresponding public key is yours.
>
> OK, this check is what I was missing in this picture. I wonder how this
> verification process works, though. If I have a person's public key, how can
> this person (using his private key) prove to me that it indeed is his?
>
> [Maybe we should take this thread out of -questions...]
No, it's a perfectly good -questions question, it's just that security and authentication issues aren't easy to deal with or understand sometimes. :) The answer to your question essentially is that "that's how it works." The way ssh is set up is that you generate your private key, then the information in the private key is used to generate your public key. The ssh program knows how to fit the pieces together when you try to make a connection.

If you want a lot more detail than this try installing pgp from the ports and read the essays that are included there. The system in ssh is very similar.

Have fun,

Doug
--
*** Chief Operations Officer, DALnet IRC network ***
*** Proud operator, designer and maintainer of the world's largest
*** Internet Relay Chat server. 5,328 clients and still growing.
*** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD)
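
The verification Jos asks about can be shown as a challenge-response exchange. The following is an added example, not part of the original message and not ssh's own code or wire protocol: it assumes textbook RSA without padding, a constructed toy key built from two small known primes, SHA-256 for the reply, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed toy key (assumption): textbook RSA from two small known primes.
# Real keys are far larger and use padding; only the logic is shown here.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the owner

PUBLIC_KEY = (N, E)    # what the server stores for the account
PRIVATE_KEY = (N, D)   # what the owner keeps (the role of ~/.ssh/identity)
IMPOSTOR_KEY = (N, E)  # someone who copied only the public key


def server_make_challenge(public_key):
    """Server: pick a fresh random number and encrypt it to the stored public key."""
    n, e = public_key
    challenge = secrets.randbelow(n - 2) + 2
    return challenge, pow(challenge, e, n)


def client_respond(encrypted, key):
    """Client: undo the encryption with its key and reply with a hash of the result."""
    n, exponent = key
    recovered = pow(encrypted, exponent, n)
    return hashlib.sha256(str(recovered).encode()).hexdigest()


def server_verify(challenge, response):
    """Server: the reply matches only if the client recovered the exact challenge."""
    expected = hashlib.sha256(str(challenge).encode()).hexdigest()
    return secrets.compare_digest(expected, response)


def login_attempt(stored_public_key, client_key):
    """Run one full exchange; a new challenge each time defeats replayed replies."""
    challenge, encrypted = server_make_challenge(stored_public_key)
    response = client_respond(encrypted, client_key)
    return server_verify(challenge, response)


if __name__ == "__main__":
    print("owner:   ", login_attempt(PUBLIC_KEY, PRIVATE_KEY))
    print("impostor:", login_attempt(PUBLIC_KEY, IMPOSTOR_KEY))
```

The owner's attempt succeeds because only the private exponent inverts the encryption; the holder of the public key alone cannot recover the challenge, so the reply hash does not match.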