FAS and public Key auth
Till Maas
opensource at till.name
Thu May 22 14:40:31 UTC 2008
On Thu May 22 2008, Mike McGrath wrote:
> Client tries to ssh to Server A
>
> Server A generates a random number, encrypts it with pub, sends it to the
> client
>
> The client decrypts this number with private key and sends it back to A.
>
> Bam! Shell.
The public key authentication does not work this way.
> The guys in #openssh are saying this isn't possible but I wasn't convinced
> with their reason (basically that server B doesn't have server A's
> host keys). Can someone else explain why the above isn't possible?
To authenticate, the client needs to sign a session identifier (and some other
information) with his private key and send the signature to the server. The
session identifier is a hash of several data that includes the host key.
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20080522/abe7a3ea/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list