
Re: Telnet Security



On Sat, May 20, 2000 at 04:17:23AM -0400, Brian Clark wrote:
> John Bagdanoff said:
> If you use the authentication type "RSA" in conjunction with SSH instead of 
> authentication type "password", you'll need to exchange keys with the host 
> for it to be able to authenticate you.

If I understand correctly, it's more correctly described as a
cryptographic challenge rather than an exchange of keys.  That is, on
the server you have a public/private key pair, and the sshd uses your
public key to encrypt some random bytes.  Your client then uses your
private key (which must exist on the client machine) to decrypt the
random data (prompting you for the passphrase).  The client then sends
this data back (over the already encrypted channel) to verify that you
are who you say you are.  If the returned decrypted bytes don't match
what the server sent, then authentication fails.

> SecureCRT, I know, has this feature. There's a nice help file to guide you 
> step by step. But as some of us know, SecureCRT isn't a free SSH client 
> (but, IMVHO, it's worth every penny).
> 
> I just use type "password"; I used to use RSA until I got sick of going 
> through the process of exchanging keys. Who knows what's "better," but I 
> sure as heck know it's better than Telnet. :-)
> 

-- 
¶ One·should·only·use·the·ASCII·character­set·when·compos­

» ing·email·messages.
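
The challenge-response flow described in the message above, as an added example that is not part of the original post and is not SSH's own code. It assumes textbook RSA without padding and toy keys built from known Mersenne primes in place of real SSH keys; the names `Server`, `client_respond` and `demo` are hypothetical, and treating each challenge as single-use (so a replayed answer fails) is this example's own addition.

```python
import hmac
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: no padding, toy size, illustration only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)

class Server:
    """Knows only the user's public key, never the private key."""
    def __init__(self, public_key):
        self.n, self.e = public_key
        self.pending = None

    def issue_challenge(self):
        self.pending = secrets.randbelow(self.n - 2) + 2  # fresh random value
        return pow(self.pending, self.e, self.n)          # encrypted to the user

    def verify(self, response):
        expected, self.pending = self.pending, None       # each challenge is single-use
        if expected is None or not 0 <= response < self.n:
            return False
        size = (self.n.bit_length() + 7) // 8
        return hmac.compare_digest(expected.to_bytes(size, "big"),
                                   response.to_bytes(size, "big"))

def client_respond(private_key, encrypted_challenge):
    """Decrypt the challenge with the private key held on the client."""
    n, d = private_key
    return pow(encrypted_challenge, d, n)

def demo():
    # Constructed keys (not real SSH keys), built from known Mersenne primes.
    user_pub, user_priv = make_keypair(2**107 - 1, 2**127 - 1)
    _, other_priv = make_keypair(2**61 - 1, 2**89 - 1)
    server = Server(user_pub)

    ok = server.verify(client_respond(user_priv, server.issue_challenge()))
    wrong_key = server.verify(client_respond(other_priv, server.issue_challenge()))
    answer = client_respond(user_priv, server.issue_challenge())
    first, replay = server.verify(answer), server.verify(answer)
    return ok, wrong_key, first, replay

if __name__ == "__main__":
    print(demo())
```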



