Tomas Kuthan <tomas.kuthan <at> oracle.com> writes:

>
> On 03/ 6/14 04:02 PM, Stephen Harris wrote:
> > Am I correct in assuming that the user and host public/private keys used
> > in openSSH are only used for authentication (is the remote server known to
> > be X, is this Harry trying to login), and have no role in the encryption?
> >
> > I was under the assumption that each connection used a newly generated
> > key (using DH for key exchange) so each session was unique.
> >
> > (I believe this because the transport layer needs to be set up before
> > user keys are even presented, and rfc4253 #6.3 doesn't mention the host
> > key).
> >
> > I'm being asked to provide private keys to allow network sniffing
> > (problem analysis) but I'm not sure this is the right thing to do
> > because I'm not convinced these keys are used as part of the encryption!
> >
> > Thanks...
> >
>
> Hi Stephen,
>
> your understanding is correct.
> In DH key exchange, the server's private key is used by the server to create
> a signature of the exchange hash and the public key is used by the client to
> verify this signature.
> To an eavesdropper these keys have no value, because they are not able to
> deduce the session key, nor the exchange hash.
>
> Tomas
>

I am glad people are curious about the role things like host keys have
(or don't have) in kexinit, transport, etc. Especially timely given recent
(and not so recent) descriptions of side-channel attacks against algorithms
such as OpenSSL ECDSA signing.

A detailed flow diagram might speak a thousand words. Anyone have something
like that handy?

Note: these terms can get a little tricky but OpenSSH distinguishes between
"host" keys and ephemeral "server" keys used in SSH1 mode. Excuse the pedantry.

--mancha

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
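The roles described in this thread, as an added example that is not part of the original messages or of OpenSSH: a toy Diffie-Hellman exchange in which the host key only signs the exchange hash, while the session secret comes from per-connection ephemeral values. The group, the textbook-RSA host key, the simplified exchange hash (RFC 4253's version strings and KEXINIT payloads are omitted) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (not secure sizes or groups).
P = 2**521 - 1                          # Mersenne prime used as the DH modulus
G = 3                                   # DH generator
RSA_P, RSA_Q = 2**127 - 1, 2**107 - 1   # Mersenne primes for a toy host key
RSA_E = 65537

def make_host_key():
    """Long-term host key pair (textbook RSA, no padding)."""
    n = RSA_P * RSA_Q
    d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
    return {"n": n, "e": RSA_E}, {"n": n, "d": d}

def exchange_hash(host_pub, e, f, k):
    """Simplified H = SHA-256(K_S || e || f || K), reduced mod n for toy RSA."""
    data = "|".join(str(v) for v in (host_pub["n"], host_pub["e"], e, f, k))
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % host_pub["n"]

def server_reply(host_pub, host_priv, e):
    """Server: fresh ephemeral y per connection; the host key only signs H."""
    y = secrets.randbelow(P - 3) + 2
    f = pow(G, y, P)
    k = pow(e, y, P)                    # session secret: no host key involved
    sig = pow(exchange_hash(host_pub, e, f, k), host_priv["d"], host_priv["n"])
    return f, sig, k

def client_finish(host_pub, x, e, f, sig):
    """Client: derive K from its own x, then authenticate the server via sig."""
    k = pow(f, x, P)
    ok = pow(sig, host_pub["e"], host_pub["n"]) == exchange_hash(host_pub, e, f, k)
    return k, ok

def run_session(host_pub, host_priv):
    """One connection: returns what crossed the wire and what each side derived."""
    x = secrets.randbelow(P - 3) + 2    # client ephemeral secret
    e = pow(G, x, P)
    f, sig, k_server = server_reply(host_pub, host_priv, e)
    k_client, ok = client_finish(host_pub, x, e, f, sig)
    return {"wire": (e, f, sig), "k_client": k_client, "k_server": k_server, "ok": ok, "x": x}

if __name__ == "__main__":
    pub, priv = make_host_key()
    s1, s2 = run_session(pub, priv), run_session(pub, priv)
    print("signature ok:", s1["ok"], "| keys agree:", s1["k_client"] == s1["k_server"])
    print("same host key, different session keys:", s1["k_client"] != s2["k_client"])
```

Two sessions under the same host key derive different session secrets, and a client that receives a modified `f` sees the signature check fail.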