On Mon, Oct 24, 2005 at 12:36:17PM +1000, Ian Mortimer wrote:
>
> This is not how ssh authentication works with public keys.
> What happens is along these lines:

I believe this is backwards.

> the server sends a challenge to the client

the server generates a challenge, and encrypts it with the public key
(authorized_keys).

> the client encrypts the challenge using the private key

the client decrypts the encrypted challenge and sends it back,
decryption requires the private key, not the public. Thus decrypting
the challenge proves one possesses the private key.

> the server decrypts the reply using the public key and tries
> to match it against the challenge it sent.

the server verifies the decrypted challenge sent back by the client is
the same one it sent out. You can only encrypt with a public key, you
cannot decrypt.

> At no stage does the client send the public key to the server.

true, the server already has the public key (it's in authorized_keys).
the client also never sends the private key to the server, it only
sends the Comment string so the server knows which key in
authorized_keys one wishes to use.

--
Ethan Benson
http://www.alaska.net/~erbenson/
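
The exchange described in the reply above (the server encrypts a random challenge to the stored public key, the client proves possession of the private key by decrypting it), as an added example that is not part of the original thread. It uses unpadded textbook RSA over small constructed primes so that it runs with the standard library alone; `Server`, `client_respond` and `demo` are hypothetical names, and the single-use handling of challenges is an assumption of the example.

```python
import hmac
import secrets

# Constructed demo key: unpadded textbook RSA over two Mersenne primes.
# Far too small and malleable for real use; it only makes the flow runnable.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)

class Server:
    """Holds only the public key, as authorized_keys does."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self.pending = None

    def issue_challenge(self):
        self.pending = secrets.randbits(128)      # fresh random challenge
        return pow(self.pending, self.e, self.n)  # encrypted to the public key

    def verify(self, response):
        expected, self.pending = self.pending, None  # a challenge is single-use
        if expected is None or not 0 <= response < 2**128:
            return False
        return hmac.compare_digest(expected.to_bytes(16, "big"),
                                   response.to_bytes(16, "big"))

def client_respond(private_key, encrypted_challenge):
    n, d = private_key
    return pow(encrypted_challenge, d, n)  # only the private key recovers it

def demo():
    public, private = make_keypair()
    _, wrong_private = make_keypair(2**61 - 1, 2**127 - 1)  # a different key
    server = Server(public)
    answer = client_respond(private, server.issue_challenge())
    ok = server.verify(answer)
    replay = server.verify(answer)  # no challenge outstanding any more
    bad = server.verify(client_respond(wrong_private, server.issue_challenge()))
    return ok, replay, bad

if __name__ == "__main__":
    print(demo())
```

Decrypting an encrypted challenge is how RSA authentication in SSH protocol 1 proves key possession; SSH protocol 2 public-key authentication (RFC 4252) instead has the client sign session-bound data, which the server verifies with the public key.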
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list