That is what happens. Private key never leaves the client machine.

On Feb 15, 2008 2:07 AM, Markus Kovero <markus.kovero@xxxxxxxxx> wrote:
> Hi, I'm asking around is it possible to hijack client's rsa/dsa private key
> if ssh-daemon is modified by someone who has evil means. I thought this was
> good place to ask, so here it goes.
>
> From what I've heard so far is that daemon sends signing request to the
> client and client signs request using private key and sends answer back to
> the daemon which verifies authentication using public key.
>
> Is this how it really happens, e.g. there is no possibility whatsoever that
> client would ever send its private key to server that has possibly infected
> sshd running?
>
> Yours
> Markus Kovero
>

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri
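The exchange discussed in this thread, as an added example that is not part of the original messages or of OpenSSH: the client signs data that includes the session identifier (as SSH public-key authentication does per RFC 4252), and only the public key and signature cross the wire. The toy textbook-RSA key, the simplified message layout, the user name and all function names are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA from two small Mersenne primes: constructed for illustration, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the client


def digest(session_id: bytes, user: bytes) -> int:
    """Hash the data to be signed: session identifier plus the auth request fields."""
    blob = len(session_id).to_bytes(4, "big") + session_id + user + b"publickey"
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def client_auth_message(session_id: bytes, user: bytes) -> dict:
    """Everything the client puts on the wire: public key and signature only."""
    signature = pow(digest(session_id, user), D, N)
    return {"user": user, "public_key": (N, E), "signature": signature}


def server_verify(msg: dict, session_id: bytes) -> bool:
    """Server side: check the signature using only the client's public key."""
    n, e = msg["public_key"]
    return pow(msg["signature"], e, n) == digest(session_id, msg["user"])


def demo() -> dict:
    session_a = hashlib.sha256(b"key exchange with server A").digest()  # constructed
    session_b = hashlib.sha256(b"key exchange with server B").digest()  # constructed
    msg = client_auth_message(session_a, b"alice")
    return {
        "accepted": server_verify(msg, session_a),
        # A modified daemon that logs the whole message still never receives D.
        "private_key_on_wire": D in (msg["signature"], *msg["public_key"]),
        # The signature is bound to session A, so it fails for any other session.
        "replay_accepted": server_verify(msg, session_b),
    }


if __name__ == "__main__":
    print(demo())
```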