On Thursday, September 08, 2005 11:15:08 PM +0200 Juergen Schoenwaelder
<j.schoenwaelder@xxxxxxxxxxxx> wrote:
On Thu, Sep 08, 2005 at 04:40:55PM -0400, Sam Hartman wrote:
Authentication is sometimes symmetric; it is not in the case of
passwords. For authentication methods like public key or GSS, it is
reasonably symmetric.
The networking boxes I have access to all use password authentication
because they like to stick the password into RADIUS/TACACS...
I am not sure what "reasonably symmetric" means. Who authenticates
whom and in which way if the server establishes a connection to the
client with public key or GSS?
SSH servers don't establish connections to SSH clients.
An SSH server is authenticated as part of key exchange.
An SSH client is authenticated as part of user authentication.
In some cases, the same kinds of credentials can be used in either
direction. For example, an RSA key pair can be used either to authenticate
a host (as a host key) or to authenticate a user (via the publickey
userauth method). Similarly, if the Kerberos GSSAPI mechanism is used, the
same Kerberos principal can be used in either a client or a server role,
provided the Kerberos infrastructure is configured to allow such usage for
that principal.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@xxxxxxx>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf