[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH revised

From: Lluis
Subject: Re: SSH revised
Date: Fri, 24 Mar 2006 17:11:28 +0100
User-agent: Mutt-ng devel-r782 (based on Mutt 1.5.11/2005-09-15)

El Fri, Mar 24, 2006 at 04:28:03PM +0100, Bas Wijnen ens deleità amb les 
següents paraules:

> The easy part is that the system doesn't have access to the encryption keys. 
> If the ssh public key was transferred to the user via a separate channel, the 
> system cannot snoop the connection.  That's because the user code does the 
> decryption, the system code only transports the encrypted data.

well, in current ssh, the session private key is a system-global one

and I don't know the real process, but this can't work if the current ssh 
clients first handshake on a way to encrypt the session and after that is 
when the client gives the username and password

I mean, when the user server gets the connection, it is already encrypted, 
so unless a re-negotiation of session encryption takes place, any of the 
programs that handled that connection cap. to the user server could be 
snooping on it...

am I wrong?

Read you,

 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Listening: Van Halen (The Best Of Both Worlds) - 09. Pista 09

reply via email to

[Prev in Thread] Current Thread [Next in Thread]