SSH publickey auth
Todd Wease
wease1 at coldbrains.com
Sun Jul 10 00:40:55 UTC 2005
On Fri, 2005-07-08 at 23:29 +0200, Alexander Dalloz wrote:
[snip]
> The
> passphrase protects the pubkey, so that if someone gets the public key
> into his hands he can not simply use it without knowing the nifty
> sentence.
>
[snip]
AFAIK the passphrase protects the private key. The client doesn't
authenticate using the public key. The server sends a nonce or some
other value encrypted with the client's public key which the client then
decrypts with the corresponding private key and sends the server back a
hash of this nonce/challenge. It's possession of the private key that
enables authentication to succeed. Possession of a user's public key
will not enable anyone to authenticate as that user.
Todd
More information about the fedora-list
mailing list