Re: SFTP seems to require the public key file - why?

On 9/28/20 11:58 AM, Peter Stuge wrote:
> karl.peterson@xxxxxxxxx wrote:
> > Why is the client's public key needed to connect to a server?
>
> It isn't strictly needed if the connection does succeed in some cases..
>
> > Why doesn't the client present the requested identity first if the
> > public key is not present?
>
> I guess that this is more by accident than anything else, but I agree
> that it would be desirable to have the client behave the same in both
> cases. It is both an unnecessary information leak and a potential
> usability issue (as in your case).
>
> For now you can use 'IdentitiesOnly yes' in .ssh/config to tell ssh
> (thus also sftp) to only offer the explicitly configured identities.
>
> > Additionally, why is the public key portion of the private key file
> > encrypted by the passphrase?
>
> The public key isn't stored in the private key file, it is
> mathematically derived from the decrypted private key.

This is no longer true with the new OpenSSH key file format. But this
functionality using these public keys is very fresh.

Regards,
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
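
The point in the reply above about the new OpenSSH key file format, as an added example that is not part of the original message or of OpenSSH: a parser for the `openssh-key-v1` container (field order as documented in OpenSSH's PROTOCOL.key) that recovers the public key without any passphrase. The names `parse_container` and `build_sample` are hypothetical, and the sample file is constructed, with dummy key bytes and filler standing in for the encrypted section.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def read_string(buf, off):
    """Read one SSH string (uint32 length, then bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_container(text):
    """Parse an openssh-key-v1 file; no passphrase is used anywhere."""
    body = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    raw = base64.b64decode(body)
    if not raw.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    cipher, off = read_string(raw, len(MAGIC))
    kdf, off = read_string(raw, off)
    _kdfoptions, off = read_string(raw, off)        # salt and rounds for bcrypt
    nkeys, off = struct.unpack_from(">I", raw, off)[0], off + 4
    public_keys = []
    for _ in range(nkeys):                          # stored outside the encrypted section
        blob, off = read_string(raw, off)
        keytype, _ = read_string(blob, 0)
        public_keys.append(keytype.decode() + " " + base64.b64encode(blob).decode())
    private_section, off = read_string(raw, off)    # the only part the cipher covers
    return {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "public_keys": public_keys, "private_len": len(private_section)}

def pack_string(b):
    return struct.pack(">I", len(b)) + b

def build_sample():
    """Constructed container: dummy key bytes, filler in place of real ciphertext."""
    pub = pack_string(b"ssh-ed25519") + pack_string(bytes(range(32)))
    kdfoptions = pack_string(b"\x11" * 16) + struct.pack(">I", 16)
    raw = (MAGIC + pack_string(b"aes256-ctr") + pack_string(b"bcrypt")
           + pack_string(kdfoptions) + struct.pack(">I", 1)
           + pack_string(pub) + pack_string(b"\xaa" * 64))
    body = base64.encodebytes(raw).decode()         # wrapped base64, ends with newline
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(parse_container(build_sample()))
```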


