
Re: SSH ServerKeyBits



* Saskia Whigham <debianliste@gmx.de> [22-07-05 16:45]:
> The key is generated _once_. ?????? And why does Google say under
> KeyRegenerationInterval that the server key is regenerated at startup and
> after a certain time? Is it created once when I create it with
> ssh-keygen ....... or is it regenerated again and again? Which is
> correct now?


Perhaps this helps to better understand what is going on there.
From O'Reilly's SSH book:

---
User key
        A persistent, asymmetric key used by clients as proof of a
user's identity. (A single user may have many keys/identities.)

---
Host key
        A persistent, asymmetric key used by a server as proof of its
identity, as well as by a client when proving its host's identity as
part of trusted-host authentication. [Section 3.4.2.3] If a machine runs
a single SSH server, the host key also uniquely identifies the machine.
(If a machine is running multiple SSH servers, each may have a different
host key, or they may share.) Often confused with the server key.

___
Server key
        A temporary, asymmetric key used in the SSH-1 protocol. It is
regenerated by the server at regular intervals (by default every hour)
and protects the session key (defined shortly).  Often confused with the
host key. This key is never explicitly stored on disk, and its private
component is never transmitted over the connection in any form; it
provides "perfect forward secrecy" for SSH-1 sessions. [Section 3.4.1]

____
Session key
        A randomly generated, symmetric key for encrypting the
communication between an SSH client and server. It is shared by the two
parties in a secure manner during the SSH connection setup, so that an
eavesdropper can't discover it.  Both sides then have the session key,
which they use to encrypt their communications.  When the SSH session
ends, the key is destroyed.

___
SSH-1 uses a single session key, but SSH-2 has several: each direction
(server to client, and client to server) has keys for encryption and
others for integrity checking. In our discussions we treat all SSH-2's
session keys as a unit and speak of "the session key" for convenience.
If the context requires it, we specify which individual key we mean.



man sshd_config also tells you the following:
 KeyRegenerationInterval 
In protocol version 1, the ephemeral server key
            ^^^^^^^^^^
is automatically regenerated after this many seconds (if it has been
used).  The purpose of regeneration is to prevent decrypting captured
sessions by later breaking into the machine and stealing the keys.  The
key is never stored anywhere.  If the value is 0, the key is never
regenerated.  The default is 3600 (seconds).

HTH
Jens
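The distinction the post draws (persistent host key vs. ephemeral SSH-1 server key, with KeyRegenerationInterval 0 meaning the server key is never replaced) can be checked mechanically against an sshd_config. The following is an added example, not code from the post, from the O'Reilly book or from OpenSSH. It parses a constructed sshd_config excerpt using the sshd_config(5) rule that the first value seen for a keyword wins, and reports whether SSH-1 is enabled and how often the server key would be regenerated. The 3600-second default comes from the man page excerpt quoted above; the sample configuration, the function names and the simplified parsing (whitespace-separated "keyword value" lines, full-line comments only) are assumptions of this example. Note that current OpenSSH releases have dropped SSH-1 support entirely, so on such a server these keywords no longer apply at all.

```python
"""Audit an sshd_config excerpt for the SSH-1 server-key settings (added example)."""
from __future__ import annotations

# Constructed sample: an old-style sshd_config that still offers protocol 1
# and disables server-key regeneration. Not taken from any real host.
SAMPLE_CONFIG = """\
# Legacy settings (constructed example)
Port 22
Protocol 2,1
ServerKeyBits 768
KeyRegenerationInterval 0
KeyRegenerationInterval 3600
"""

# Constructed sample of a configuration that does not offer SSH-1 at all.
HARDENED_CONFIG = """\
Port 22
Protocol 2
"""

# Default from the sshd_config(5) excerpt quoted in the post.
DEFAULT_KEY_REGEN_INTERVAL = 3600


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return keyword -> value with keywords lower-cased.

    Follows the sshd_config(5) rule that for each keyword the first value
    obtained is the one used, so later duplicates are ignored. Simplified
    parser (assumption): full-line '#' comments and blank lines are skipped,
    and each remaining line is 'keyword value'.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings


def ssh1_enabled(settings: dict[str, str]) -> bool | None:
    """True/False if Protocol is set explicitly; None when it is absent,
    because the built-in default differed between OpenSSH versions."""
    if "protocol" not in settings:
        return None
    versions = {v.strip() for v in settings["protocol"].split(",")}
    return "1" in versions


def effective_regeneration_interval(settings: dict[str, str]) -> int:
    """KeyRegenerationInterval in seconds, falling back to the 3600 default."""
    return int(settings.get("keyregenerationinterval", DEFAULT_KEY_REGEN_INTERVAL))


def server_key_findings(settings: dict[str, str]) -> list[str]:
    """Describe how the ephemeral SSH-1 server key is handled by this config."""
    enabled = ssh1_enabled(settings)
    if enabled is None:
        return ["Protocol not set explicitly; SSH-1 availability depends on the OpenSSH version"]
    if not enabled:
        return ["SSH-1 disabled: no server key, KeyRegenerationInterval has no effect"]
    findings = ["SSH-1 enabled: ephemeral server key in use"]
    interval = effective_regeneration_interval(settings)
    if interval == 0:
        findings.append("KeyRegenerationInterval 0: server key is never regenerated, "
                        "so later theft of the key exposes captured sessions")
    else:
        findings.append(f"server key regenerated every {interval} seconds")
    return findings


if __name__ == "__main__":
    for name, text in (("legacy", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in server_key_findings(parse_sshd_config(text)):
            print("  -", finding)
```

On the constructed legacy sample the audit reports that SSH-1 is enabled and that the server key is never regenerated (the first KeyRegenerationInterval line, 0, is the one that counts); on the hardened sample it reports that no server key exists at all.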