SSH publickey auth

Alexander Dalloz ad+lists at uni-x.org
Sun Jul 10 14:14:57 UTC 2005


On Sun, 10.07.2005 at 2:40, Todd Wease wrote:

> On Fri, 2005-07-08 at 23:29 +0200, Alexander Dalloz wrote:
> [snip]
> > The
> > passphrase protects the pubkey, so that if someone gets the public key
> > into his hands he can not simply use it without knowing the nifty
> > sentence.
> > 
> [snip]

> AFAIK the passphrase protects the private key.  The client doesn't
> authenticate using the public key.  The server sends a nonce or some
> other value encrypted with the client's public key which the client then
> decrypts with the corresponding private key and sends the server back a
> hash of this nonce/challenge.  It's possession of the private key that
> enables authentication to succeed.  Possession of a user's public key
> will not enable anyone to authenticate as that user.
> 
> Todd

Thanks Todd for correcting me. I should have expressed myself differently, and
speaking about "pubkey" where I meant the whole process, the key pair,
wasn't good. I said "public key" where I meant it. But you are right
that of course the private key - not, as I said, the public key - is
protected by the passphrase. The private key is the part of the key pair
which resides on the ssh client side while the public key part is placed
on the ssh server and named authorized_keys.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 16:06:21 up 14 days, 22:58, load average: 0.13, 0.13, 0.09 
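
The exchange as described in the quoted reply above, as an added example that is not part of the original messages and is not OpenSSH's code: textbook RSA over two constructed Mersenne primes, with a PBKDF2-derived XOR wrap standing in for the passphrase encryption of the private key file. All function names and parameters are assumptions made for the illustration.

```python
import hashlib, hmac, secrets

# Constructed toy parameters: two Mersenne primes, textbook RSA without padding.
# Far too small and simple for real use; they only make the exchange visible.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                                  # public modulus (server has N and E)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (client only)
KEY_LEN = (N.bit_length() + 7) // 8

def _stream(passphrase, salt):
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, KEY_LEN)
    return int.from_bytes(raw, "big")

def wrap_private_key(d, passphrase):
    """Client side: keep the private exponent on disk only in wrapped form."""
    salt = secrets.token_bytes(16)
    return salt, d ^ _stream(passphrase, salt)

def unwrap_private_key(blob, passphrase):
    """A wrong passphrase yields a different, useless exponent."""
    salt, wrapped = blob
    return wrapped ^ _stream(passphrase, salt)

def server_challenge(pub):
    """Server side: encrypt a fresh nonce to the public key from authorized_keys."""
    n, e = pub
    nonce = secrets.randbelow(n - 2) + 2
    return nonce, pow(nonce, e, n)         # nonce stays on the server

def client_response(ciphertext, d, n):
    """Client side: decrypt the challenge and send back a hash of the nonce."""
    nonce = pow(ciphertext, d, n)
    return hashlib.sha256(nonce.to_bytes(KEY_LEN, "big")).hexdigest()

def server_verify(nonce, response):
    expected = hashlib.sha256(nonce.to_bytes(KEY_LEN, "big")).hexdigest()
    return hmac.compare_digest(expected, response)

def authenticate(blob, passphrase):
    """One full exchange; blob=None models a party holding only the public key."""
    nonce, ciphertext = server_challenge((N, E))
    d = E if blob is None else unwrap_private_key(blob, passphrase)
    return server_verify(nonce, client_response(ciphertext, d, N))

if __name__ == "__main__":
    blob = wrap_private_key(D, "nifty sentence")
    print("right passphrase:", authenticate(blob, "nifty sentence"))
    print("wrong passphrase:", authenticate(blob, "wrong guess"))
    print("public key only: ", authenticate(None, ""))
```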