
Re: Q: RSA Authentication vs. Password Authentication in SSH



on Mon, Nov 20, 2000 at 04:08:26PM +1100, Brian May (bam@debian.org) wrote:
> >>>>> "kmself" == kmself  <kmself@ix.netcom.com> writes:
> 
>     kmself> Sorry?
> 
>     kmself>   - I establish a private RSA authentication key for ssh.
>     kmself> - I send the corresponding public key to remoteserver.  -
>     kmself> You intercept the transmission and replace my public key
>     kmself> with yours.
> 
> I assume you intend to login to the remote server. That means that you
> want to put your public key in authorised_keys (IIRC) on the remote
> host. However, since I intercepted the message, my key goes in
> authorised_keys instead.
> 
>     kmself> I can now:
> 
>     kmself>   - *Not* access the host I'd intended to provide access
>     kmself> to (wrong public key).  
> 
> Correct up to here.
> 
>     kmself> - Possibly be tricked into
>     kmself> accessing a host of your choosing via your key.
> 
> Incorrect. You are getting the *host*'s public key mixed up with
> *your* public key. This is your public key we are talking about here
> (or so I believe).
> 
> Now that *my* public key is in authorised_keys on the remote host
> (instead of your public key), I can now log into that remote host as
> you.

Doh!  Brain fart.  Thanks.

Ok.  So, to ensure key integrity, I do what?

And, mind, I still discover quickly that I can't log in to my remote
server as me, so I check my authorised_keys file....

...assuming I have more of a brain than I did this morning.

> The host's public key travels in the opposite direction, but let's not
> complicate matters too much...

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org
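The question above ("to ensure key integrity, I do what?") comes down to checking, out of band, that the public key which ended up in authorized_keys on the remote host is the one the owner generated. The script below is an added example, not part of this thread or of OpenSSH: it builds OpenSSH-style "ssh-rsa ..." public key lines from hypothetical (constructed, deliberately tiny) RSA parameters, computes the SHA256 and MD5 fingerprints in the format ssh-keygen -l prints, and compares the fingerprint of whatever is in authorized_keys against the fingerprint the owner recorded locally before sending the key. Key names, moduli and the comment string are all assumptions made up for the example.

```python
import base64
import hashlib
import hmac
import struct

# Constructed example, not from the original thread. Builds OpenSSH-style
# "ssh-rsa AAAA... comment" lines from hypothetical key material, computes the
# fingerprints ssh-keygen -l would show, and checks whether the key that
# actually landed in authorized_keys is the one the owner meant to send.


def encode_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def encode_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (minimal two's complement)."""
    if value == 0:
        return encode_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:  # a set high bit would read as negative; prepend 0x00
        raw = b"\x00" + raw
    return encode_string(raw)


def make_rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Serialise (e, n) as an OpenSSH public key line.
    The blob is: string "ssh-rsa", mpint e, mpint n."""
    blob = encode_string(b"ssh-rsa") + encode_mpint(e) + encode_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode('ascii')} {comment}"


def parse_pubkey_line(line: str):
    """Split 'type base64 [comment]' and verify the type inside the blob matches.
    Entries with a leading options field (command=..., from=...) are not handled here."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    (inner_len,) = struct.unpack(">I", blob[:4])
    inner_type = blob[4:4 + inner_len].decode("ascii")
    if inner_type != key_type:
        raise ValueError(f"key type mismatch: {key_type!r} vs {inner_type!r}")
    return key_type, blob, comment


def fingerprint_sha256(blob: bytes) -> str:
    """Same format as ssh-keygen -lf: SHA256:<base64 without padding>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy colon-separated form, as printed by ssh-keygen -E md5 -lf."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def key_matches(authorized_keys_text: str, trusted_fingerprint: str) -> bool:
    """True if some entry in authorized_keys has the fingerprint the owner recorded out of band."""
    for line in authorized_keys_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        _, blob, _ = parse_pubkey_line(line)
        if hmac.compare_digest(fingerprint_sha256(blob), trusted_fingerprint):
            return True
    return False


# Hypothetical moduli, far too small for real use; they only need to be distinct.
MY_N = int("c0ffee" * 20, 16)
ATTACKER_N = int("badc0de5" * 15, 16)
MY_KEY_LINE = make_rsa_pubkey_line(65537, MY_N, "kmself@example.invalid")
# The substituted key carries the same comment: the comment proves nothing.
ATTACKER_KEY_LINE = make_rsa_pubkey_line(65537, ATTACKER_N, "kmself@example.invalid")


def my_fingerprint() -> str:
    """What the key owner writes down locally before sending the key anywhere."""
    return fingerprint_sha256(parse_pubkey_line(MY_KEY_LINE)[1])


def check_remote(authorized_keys_text: str) -> str:
    """Verdict on the authorized_keys contents fetched back from the remote host."""
    return "ok" if key_matches(authorized_keys_text, my_fingerprint()) else "KEY SUBSTITUTED"


if __name__ == "__main__":
    print("my key:", my_fingerprint(), fingerprint_md5(parse_pubkey_line(MY_KEY_LINE)[1]))
    print("untampered authorized_keys:", check_remote(MY_KEY_LINE + "\n"))
    print("swapped authorized_keys:   ", check_remote(ATTACKER_KEY_LINE + "\n"))
```

The fingerprint is taken over the decoded key blob, not over the text line, so it is unaffected by whitespace or the trailing comment; only the trusted fingerprint itself has to travel by a channel the interceptor cannot alter (read over the phone, carried on paper, or confirmed via an already-authenticated session).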
