[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Q: RSA Authentication vs. Password Authentication in SSH

on Mon, Nov 20, 2000 at 09:22:16AM +1100, Brian May (bam@debian.org) wrote:
> >>>>> "Dave" == Dave Sherohman <esper@sherohman.org> writes:
>     Dave> OK, now you's lost me...  I thought the big advantage of
>     Dave> public keys was exactly that - they're public.  You don't
>     Dave> have to worry about transferring them securely, so long as
>     Dave> the corresponding private key remains safe.
> Yes. You are correct. The key can be public.
>     Dave> To map this onto the specific case at hand, ssh, if you were
>     Dave> to obtain my public ssh key, the worst thing that could
>     Dave> result from this interception is that you could add it to
>     Dave> your list of authorized_keys and allow me to freely use your
>     Dave> account - which is a detriment to the person intercepting
>     Dave> the key, not the person owning it.  (I'm ignoring the
>     Dave> possibility that you might try to factor the public key, as
>     Dave> doing so is generally considered to be a practical
>     Dave> impossibility for the foreseeable future.)
> However, you are incorrect here. The worse case situation is that I
> can intercept your public key *and* replace it with my own, meaning I
> can use now use *your* account. Just because the key is "public"
> doesn't mean you can freely transfer it without regard to security
> :-(.


  - I establish a private RSA authentication key for ssh.
  - I send the corresponding public key to remoteserver.
  - You intercept the transmission and replace my public key with yours.

I can now:

  - *Not* access the host I'd intended to provide access to (wrong
    public key).
  - Possibly be tricked into accessing a host of your chosing via your

...though this is a rather byzantine attack, and not particularly
useful, IMO.

Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpIDkJgl7OHU.pgp
Description: PGP signature

Reply to: