[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FAS and public Key auth

On Thu May 22 2008, Mike McGrath wrote:

> Client tries to ssh to Server A
> Server A generates a random number, encrypts it with pub, sends it to the
> client
> The client decrypts this number with private key and sends it back to A.
> Bam!  Shell.

The public key authentication does not work this way. 

> The guys in #openssh are saying this isn't possible but I wasn't convinced
> with their reason (basically that server B doesn't have server A's
> host keys).  Can someone else explain why the above isn't possible?

To authenticate, the client needs to sign a session identifier (and some other 
information) with his private key and send the signature to the server. The 
session identifier is a hash of several data that includes the host key.


Attachment: signature.asc
Description: This is a digitally signed message part.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]