Re: Encryption

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 03/ 6/14 04:02 PM, Stephen Harris wrote:
Am I correct in assuming that the user and host public/private keys used
in openSSH are only used for authentication (is the remote server known to
be X, is this Harry trying to login), and have no role in the encryption?

I was under the assumption that each connection used a newly generated
key (using DH for key exchange) so each session was unique.

(I believe this because the transport layer needs to be set up before
  user keys are even presented, and rfc4253 #6.3 doesn't mention the host
  key).

I'm being asked to provide private keys to allow network sniffing
(problem analysis) but I'm not sure this is the right thing to do
because I'm not convinced these keys are used as part of the encryption!

Thanks...


Hi Stephen,

your understanding is correct.
In DH key exchange, server's private key is used by the server to create a signature of exchange hash and the public key is used by the client to verify this signature. To eavesdropper these keys have no value, because they are not able to deduce the session key, nor the exchange hash.

Tomas
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux