Is it possible to steal your SSH key?
Mike
azmr at earthlink.net
Mon Feb 26 06:07:12 UTC 2007
On Mon, 26 Feb 2007, Peter Kiem wrote:
> Hi,
>
> Just wondering something...
>
> If you connect to a compromised server using SSH keys (not passwords) is it
> possible for the compromised server to record your SSH key so they can use it
> on other servers you log into?
>
> Opinions?
>
>
Nope, at least not directly. When you log in your private key is not sent
to the server. Instead signed data is sent to the server. The signature
is then verified with the corresponding public key on the server. In the
case of a compromised server the best a would be thief would have is data
and a signature. Determining the private key with this info is basically
deemed cryptographically infeasible.
More information about the fedora-list
mailing list