[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FAS and public Key auth



On Thu May 22 2008, Mike McGrath wrote:
> On Thu, 22 May 2008, Till Maas wrote:
> > On Thu May 22 2008, Mike McGrath wrote:
> > > Client tries to ssh to Server A
> > >
> > > Server A generates a random number, encrypts it with pub, sends it to
> > > the client
> > >
> > > The client decrypts this number with private key and sends it back to
> > > A.
> > >
> > > Bam!  Shell.
> >
> > The public key authentication does not work this way.
>
> Side note about this for my own education.  Can you fill in the blanks?
> Because I know what is there is accurate, just not complete.

I do not understand what you ask me to do. Do you want me to explain the ssh 
public-key authentication? I already explained in very short, if you want 
more detail, you better look into the rfcs, because I would basically copy it 
to add more detail:

1st phase: create a session encryption key and a uniqe session identifier 
(hash H in the rfc):
http://www.ietf.org/rfc/rfc4253.txt
page 22 lists all the information that the hash is computed of which includes 
the host key

2nd phase: authentication:
The clients signs the hash H from above and some other information like the 
user name and sends it to the server, a full list of the signed information 
can be found on page 9 of rfc 4252:
http://www.ietf.org/rfc/rfc4252.txt

Regards,
Till


Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]