FAS and public Key auth

Till Maas opensource at till.name
Thu May 22 21:04:28 UTC 2008

On Thu May 22 2008, Mike McGrath wrote:
> On Thu, 22 May 2008, Till Maas wrote:
> > On Thu May 22 2008, Mike McGrath wrote:
> > > Client tries to ssh to Server A
> > >
> > > Server A generates a random number, encrypts it with pub, sends it to
> > > the client
> > >
> > > The client decrypts this number with private key and sends it back to
> > > A.
> > >
> > > Bam!  Shell.
> >
> > The public key authentication does not work this way.
> Side note about this for my own education.  Can you fill in the blanks?
> Because I know what is there is accurate, just not complete.

I do not understand what you ask me to do. Do you want me to explain the ssh 
public-key authentication? I already explained in very short, if you want 
more detail, you better look into the rfcs, because I would basically copy it 
to add more detail:

1st phase: create a session encryption key and a uniqe session identifier 
(hash H in the rfc):
page 22 lists all the information that the hash is computed of which includes 
the host key

2nd phase: authentication:
The clients signs the hash H from above and some other information like the 
user name and sends it to the server, a full list of the signed information 
can be found on page 9 of rfc 4252:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20080522/7a313d59/attachment.sig>

More information about the Fedora-infrastructure-list mailing list