FAS and public Key auth
Till Maas
opensource at till.name
Thu May 22 21:04:28 UTC 2008
On Thu May 22 2008, Mike McGrath wrote:
> On Thu, 22 May 2008, Till Maas wrote:
> > On Thu May 22 2008, Mike McGrath wrote:
> > > Client tries to ssh to Server A
> > >
> > > Server A generates a random number, encrypts it with pub, sends it to
> > > the client
> > >
> > > The client decrypts this number with private key and sends it back to
> > > A.
> > >
> > > Bam! Shell.
> >
> > The public key authentication does not work this way.
>
> Side note about this for my own education. Can you fill in the blanks?
> Because I know what is there is accurate, just not complete.
I do not understand what you ask me to do. Do you want me to explain the ssh
public-key authentication? I already explained in very short, if you want
more detail, you better look into the rfcs, because I would basically copy it
to add more detail:
1st phase: create a session encryption key and a uniqe session identifier
(hash H in the rfc):
http://www.ietf.org/rfc/rfc4253.txt
page 22 lists all the information that the hash is computed of which includes
the host key
2nd phase: authentication:
The clients signs the hash H from above and some other information like the
user name and sends it to the server, a full list of the signed information
can be found on page 9 of rfc 4252:
http://www.ietf.org/rfc/rfc4252.txt
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20080522/7a313d59/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list