Date:      Tue, 10 Oct 2000 13:14:45 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Kris Kennaway <kris@citusc.usc.edu>, Terry Lambert <tlambert@primenet.com>, arch@FreeBSD.org, Poul-Henning Kamp <phk@critter.freebsd.dk>, Warner Losh <imp@village.org>, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <Pine.NEB.3.96L.1001010131233.28422B-100000@fledge.watson.org>
In-Reply-To: <200010101623.e9AGNwY13314@earth.backplane.com>


On Tue, 10 Oct 2000, Matt Dillon wrote:

> :As I pointed out earlier, there needs to be a way for the administrator to
> :securely retrieve the SSH key so that they can log in securely.  Otherwise
> :the whole point of using SSH is lost.  If they just blindly accept the key
> :
> :  Robert N M Watson 
> :robert@fledge.watson.org              http://www.watson.org/~robert/
> 
>     The public key you stick in your authorized_keys file is... well,
>     public.  You can retrieve it over an unsecure network just fine and
>     it doesn't really matter who sniffs it.  A good sysop will change the
>     key every month or two just to maintain control over leakage of the
>     private key (since people need the private key to be able to ssh to
>     the box being installed), but that's about it.  It's a whole lot better
>     than transferring an encrypted password file and distributing the plaintext
>     root password to all the sysads (not to mention the fact that no sysad
>     in their right mind enables plaintext password logins to root over 
>     a network).

I'm referring to the host public key, which is used by the client to
authenticate the connection to the server.  If the client cannot retrieve
it in a secure manner, it cannot securely authenticate that it has
connected to the right host.  Right now, in absence of any defined PKI for
SSH, the commonly accepted mechanism is to compare the a priori known host
key fingerprint with the one printed by the SSH client: if they are the
same, and the hostname being bound is the same, accept the key.  In the
current install, that fingerprint does not become available until after
the first boot with SSH enabled.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
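
Added example, not part of the original message: a sketch of the check described above, accepting a host key only when the hostname has a fingerprint known a priori and the offered key hashes to it. The hostname, sample keys and function names are constructed for illustration, and the fingerprint uses the SHA256 form current OpenSSH prints.

```python
import base64
import hashlib
import hmac
import struct

def parse_pubkey_line(line):
    """Split an OpenSSH 'type base64 [comment]' line; return (type, raw blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob opens with its own length-prefixed type string; it must agree.
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match blob")
    return fields[0], blob

def fingerprint(blob):
    """SHA256 fingerprint in the form current OpenSSH prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_ok(hostname, offered_line, pinned):
    """True only if hostname has a pinned fingerprint and the offered key matches."""
    expected = pinned.get(hostname)
    if expected is None:
        return False  # nothing known a priori: do not accept blindly
    _, blob = parse_pubkey_line(offered_line)
    return hmac.compare_digest(fingerprint(blob).encode(), expected.encode())

def _constructed_key(seed):
    """Constructed sample: an ssh-ed25519-shaped blob, not a real host key."""
    body = hashlib.sha256(seed).digest()  # 32 filler bytes standing in for the key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + body
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

GENUINE = _constructed_key(b"installed host")
IMPOSTOR = _constructed_key(b"someone in the path")
# Fingerprint recorded out of band (e.g. read off the console at install time).
PINNED = {"newbox.example.org": fingerprint(parse_pubkey_line(GENUINE)[1])}

if __name__ == "__main__":
    for name, line in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, host_key_ok("newbox.example.org", line, PINNED))
    print("unpinned host", host_key_ok("other.example.org", GENUINE, PINNED))
```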