SSH1 ephemeral server key and SSH2 Diffie Hellman

From: mikhail malamud (mmalamud_at_comcast.net)
Date: 11/11/11

  • Next message: Phil Dibowitz: "encrypting authentication vs payload"
    Date: Thu, 10 Nov 2011 21:43:10 -0500
    To: secureshell@securityfocus.com
    
    

    Hi. I am new to SSH so forgive me if this question had been asked
    before.

    In SSH 1, sshd is using (optionally) an ephemeral server key which is
    used in conjunction with host key to establish session key between the
    client and the server.

    In SSH2, ephemeral server key is no longer used and Diffie Hellman is
    used instead to establish the session key. My questions are:

    1. What security concerns were mitigated/created by using ephemeral
    server key?
        1a. In SSH1 when say we re-created ephemeral server key, is this
    simply taking proactive security measures or were there known exploits
    that could ve been avoided had the key been re-created more often?
    2. How those risks were re-solved by using Diffie Hellman?

    I apreciate any help. Thank You.

    Mikhail.


  • Next message: Phil Dibowitz: "encrypting authentication vs payload"