l4-hurd

Re: SSH revised


From: Lluis
Subject: Re: SSH revised
Date: Fri, 24 Mar 2006 17:11:28 +0100
User-agent: Mutt-ng devel-r782 (based on Mutt 1.5.11/2005-09-15)

On Fri, Mar 24, 2006 at 04:28:03PM +0100, Bas Wijnen delighted us with the 
following words:

> The easy part is that the system doesn't have access to the encryption keys. 
> If the ssh public key was transferred to the user via a separate channel, the 
> system cannot snoop the connection.  That's because the user code does the 
> decryption, the system code only transports the encrypted data.

Well, in current ssh, the session private key is a system-global one.

And I don't know the real process, but this can't work if the current ssh 
clients first handshake on a way to encrypt the session, and it is only 
after that that the client gives the username and password.

I mean, when the user server gets the connection, it is already encrypted, 
so unless a re-negotiation of session encryption takes place, any of the 
programs that handled that connection cap. to the user server could be 
snooping on it...

Am I wrong?

Read you,
  Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth
 
 Listening: Van Halen (The Best Of Both Worlds) - 09. Pista 09



