Date: Thu, 1 Jan 1998 23:35:54 -0500 (EST) From: mgraffam@mhv.net To: Brian Somers <brian@awfulhak.org> Cc: questions@FreeBSD.ORG Subject: Re: ssh trust (was Re: HACKED (again)) Message-ID: <Pine.LNX.3.96.980101233046.31382C-100000@localhost> In-Reply-To: <199801012357.XAA01930@awfulhak.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- On Thu, 1 Jan 1998, Brian Somers wrote: > Errrum, that's not true AFAIK. Ssh's authentication is challenge > based - it goes something like this: > > The server sends some random data, the client encrypts it using his > private key, his machines private key and the servers public key and > sends the answer to the server. The server decrypts it using its > private key, the client machines public key and the clients public > key, then compares it against the original. Someone watching the > conversation will be none the wiser. I dont think that ssh uses this variation on RSA authentication, but it well may .. however it is also true that ssh uses symmetric crypto of the password (if you use a Unix password to login). In this scenario, public key crypto is used to send a session key for IDEA or 3DES, or whatever you're using, and then the clients asks the user for his Unix password, it is encrypted (along with all other traffic) with the IDEA|3DES session key and sent to the host, decrypted and verified as usual. Ssh supports other authentication schemes as well, including kerberos (if it is compiled in) and TIS, though I know nothing of this later scheme. Michael J. Graffam (mgraffam@mhv.net) http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc "Enlightenment is man's emergence from his self-incurred immaturity. Immaturity is the inability to use one's own understanding without the guidance of another. . .Sapere aude! Have the courage to use your own understanding!" - Immanuel Kant "What is Enlightenment?" -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBNKxurwKEiLNUxnAfAQHwqwP+PpsnJLTZOu4blI5X5AdWZgb6FCp+VrWq ma7LZxz5r7AWSXNAouDFCR7f42IK/iHLORavHS1wixUwk6VpF3q/1UOCmywxsKtQ g8sDm4ZG22CMaWZ7YB3RBzRcVCKtCx/Uxf0XoOA03Lu1DTIbyAIPlroOVisvJMNQ KKZmvDQSr0Y= =Qgbz -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.980101233046.31382C-100000>