Scott Klement wrote on 12/01/2007 08:17:32 PM:

But it seems weird.  If you can work with someone's public key (which also means that to decrypt, you have to have the private key) then what good is the password?  Certainly doesn't add any security.

This got me thinking - how is a public key any guarantee of identity?  I 
mean, it's the public key, right?  So in theory I should be able to let 
anyone know my public key.  So, I looked up the OpenSSH man page.  The 
manual goes into some detail about how a session key is decided upon for 
both SSH1 and SSH2.  Then it says:  "Finally, the server and the client 
enter an authentication dialog. The client tries to authenticate itself 
using host-based authentication, public key authentication, 
challenge-response authentication, or password authentication."  The 
manual then fails to give any further information about what this 
authentication dialog entails.  I finally found the information in the RFC 
for the SSH protocol.  See http://www.free.lp.se/fish/rfc.txt

So, public key authentication goes something like this:
client:  my public key is pubKeyA
server:  pubKeyA is a recognized host.  Here is a random sequence encrypted with pubKeyA.
client:  here is your random sequence in plaintext.

Scott, is that what you mean by your comment "which means that to decrypt, 
you have to have the private key"?  I realize this is paraphrasing quite 
a bit, there are some other steps involved, but this gets the idea across. 
I have to agree with Scott that the requirement of both public key and 
password authentication is somewhat redundant.  Not only that, it also seems 
to break the SSH standard protocol.


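The exchange paraphrased in the message above, as an added example that is not part of the original post or of OpenSSH: a toy model in which the server encrypts a random value to a recognised public key and only the private-key holder can return the plaintext. The key (textbook RSA without padding over two constructed primes) and the names `Server`, `owner_response`, `impostor_response` and `login` are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# Far too small and simple for real use; it only makes the exchange visible.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the client only
AUTHORIZED = {(N, E)}              # public keys the server recognises


class Server:
    def __init__(self):
        self._expected = None

    def challenge(self, pubkey):
        """Recognise the offered key and encrypt a fresh random value to it."""
        if pubkey not in AUTHORIZED:
            return None
        n, e = pubkey
        self._expected = secrets.randbelow(n - 2) + 2
        return pow(self._expected, e, n)

    def verify(self, response):
        """Accept only the plaintext of the challenge just issued, once."""
        expected, self._expected = self._expected, None
        if expected is None:
            return False
        return hmac.compare_digest(str(expected), str(response))


def owner_response(ciphertext):
    """Private-key holder: decrypts the challenge."""
    return pow(ciphertext, D, N)


def impostor_response(ciphertext):
    """Knows only (N, E), so cannot decrypt and can only guess."""
    return secrets.randbelow(N)


def login(server, pubkey, respond):
    ciphertext = server.challenge(pubkey)  # client: "my public key is ..."
    return ciphertext is not None and server.verify(respond(ciphertext))
```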