
Re: OpenBSD SSH in potato.



On Fri, Feb 11, 2000 at 01:47:11AM +0800, Ronald Tin wrote:
> I just noticed a strange thing....
> 
> In the default /etc/ssh/sshd_config there is a line "ServerKeyBits 768",
> however, the post-installation script creates a key with 1024 bits.
> 
> I thought the ServerKeyBits option should correspond to
> the host key as generated by the script?
> 
> Is it a bug, or did I misunderstand something?

Different keys. The host key is used to verify the host is who it says
it is. How that works: the first time a client connects, it's given
the public host key (it would be more secure to get this directly from
the admin but...). The client then encrypts a random token with that
public key and sends it to the server; if the server sends the
decrypted token back, the client knows the server is who it says it is
(this of course assumes you did not get a bogus public key in the
first place).

ServerKeyBits refers to the encryption key that is generated on the
fly when sshd starts. It's used to actually encrypt the session traffic.
It's never saved to disk and is regenerated every hour or so (defined
in sshd_config as well).

-- 
Ethan Benson
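
Added example, not part of the original message or of the Debian package: a shell script that reads the two sizes from their separate sources, ServerKeyBits from sshd_config and the host key size from the first field of the SSH-1 public host key file. The sample file contents, the temporary paths, the helper names and the defaults passed in (768 bits, 3600 s) are assumptions.

```shell
#!/bin/sh
# Added example. File contents are constructed samples, not from a real host.

# First value of KEYWORD in an sshd_config-style file, else DEFAULT.
# Keywords are case-insensitive and sshd uses the first occurrence.
sshd_option() {  # usage: sshd_option FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# SSH-1 public host key files are one line: "<bits> <exponent> <modulus> <comment>".
hostkey_bits() {  # usage: hostkey_bits PUBFILE
    awk 'NF >= 3 && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# Absolute size difference between the host key and the server key.
key_gap() {  # usage: key_gap CONFIG PUBFILE
    h=$(hostkey_bits "$2"); s=$(sshd_option "$1" ServerKeyBits 768)
    if [ "$h" -ge "$s" ]; then echo $((h - s)); else echo $((s - h)); fi
}

report() {  # usage: report CONFIG PUBFILE
    echo "host key   (saved on disk, identifies the host): $(hostkey_bits "$2") bits"
    echo "server key (memory only, sized by ServerKeyBits): $(sshd_option "$1" ServerKeyBits 768) bits"
    echo "server key lifetime (KeyRegenerationInterval): $(sshd_option "$1" KeyRegenerationInterval 3600) s"
    # SSH-1 encrypts the session key with both keys, so their sizes must differ.
    [ "$(key_gap "$1" "$2")" -ge 128 ] || echo "note: sizes within 128 bits; sshd adjusts the server key"
}

# Constructed sample inputs.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# constructed sample
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
KeyRegenerationInterval 3600
EOF
# Modulus shortened to a dummy value; only the leading bit count is read.
echo "1024 35 1234567890123456789 root@example" > "$SAMPLE_DIR/ssh_host_key.pub"

report "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/ssh_host_key.pub"
```

With the values from the question (768 and 1024) the script reports two different sizes and no note, which is the expected state rather than a mismatch.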

