FAS and public Key auth
opensource at till.name
Fri May 23 09:02:32 UTC 2008
On Thu May 22 2008, Toshio Kuratomi wrote:
> It seems like this would be open to attack in the special case where the
> user has never logged into 1) The server they think they're connecting
> to 2) The machine the malicious server is actually trying to
> authenticate them against. In this scenario the client doesn't have
> host keys for either of the remote machines so it's unable to verify
> that the malicious server is lying to it.
This is also not possible with public key authentication, because the server
needs to create a signature with the host key when the session encryption key
is generated. In case the attacker forwards the network traffic in this phase
to the other server, he will not be able to decrypt the authentication phase.
If he uses his own host key, then the signature used for authentication will
not be accepted by the other server.
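
The binding described in the reply above, as an added example that is not part of the original message: SSH public key authentication signs a session identifier derived from the key exchange, so a signature made in one session does not verify in another. The exchange hash is simplified, and the tiny DH group, textbook RSA key, host key strings and function names are all constructed for illustration.

```python
import hashlib

# Constructed toy parameters, far too small for real use.
P, G = 2**127 - 1, 5                                   # DH modulus (Mersenne prime), base
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537      # user's toy RSA key
USER_N = RSA_P * RSA_Q
USER_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))     # private exponent
SERVER_KEY, ATTACKER_KEY = b"host-key-of-real-server", b"host-key-of-attacker"
X_CLIENT, Y_SERVER = 0x1F3D5B79, 0x2E4C6A88            # DH secrets of the honest ends
Y_ATTACKER, X_ATTACKER = 0x0BADF00D, 0x0DEFACED        # attacker's secrets, one per leg


def session_id(host_key: bytes, x: int, y: int) -> bytes:
    """Exchange hash: covers the host key, both DH public values and the secret K."""
    e, f = pow(G, x, P), pow(G, y, P)
    k = pow(f, x, P)
    fields = [host_key] + [v.to_bytes(16, "big") for v in (e, f, k)]
    return hashlib.sha256(b"".join(len(s).to_bytes(4, "big") + s for s in fields)).digest()


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % USER_N


def user_sign(sid: bytes, user: bytes) -> int:
    """Client signs the session identifier together with the auth request."""
    return pow(_digest(sid + b"|" + user + b"|publickey"), USER_D, USER_N)


def server_verify(sid: bytes, user: bytes, sig: int) -> bool:
    """Server checks the signature against the session identifier it computed itself."""
    return pow(sig, RSA_E, USER_N) == _digest(sid + b"|" + user + b"|publickey")


def direct_login() -> bool:
    sid = session_id(SERVER_KEY, X_CLIENT, Y_SERVER)   # both ends derive the same value
    return server_verify(sid, b"alice", user_sign(sid, b"alice"))


def relayed_login(key_shown_to_client: bytes) -> bool:
    """A middle host ends the client's key exchange itself, then passes the signature on."""
    sid_client = session_id(key_shown_to_client, X_CLIENT, Y_ATTACKER)
    sid_server = session_id(SERVER_KEY, X_ATTACKER, Y_SERVER)
    return server_verify(sid_server, b"alice", user_sign(sid_client, b"alice"))


if __name__ == "__main__":
    print("direct:", direct_login())
    print("relay, own host key:", relayed_login(ATTACKER_KEY))
    print("relay, real host key blob:", relayed_login(SERVER_KEY))
```

The last case shows that presenting the real server's public host key does not help either, because the Diffie-Hellman values of the two sessions still differ.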
More information about the Fedora-infrastructure-list