ssh public key authentication
Hi, I'm asking around whether it is possible to hijack a client's RSA/DSA private key
if the ssh daemon is modified by someone who has evil means. I thought this was
a good place to ask, so here it goes.
From what I've heard so far, the daemon sends a signing request to the
client, and the client signs the request using its private key and sends the answer back to
the daemon, which verifies authentication using the public key.
Is this how it really happens, i.e. is there no possibility whatsoever that
the client would ever send its private key to a server that possibly has an infected
sshd running?
Yours
Markus Kovero
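
The sign-and-verify exchange the question describes, as an added example that is not part of the original post or of any SSH implementation. It is a simplified model: in SSH-2 (RFC 4252) the client signs data that includes the session identifier from key exchange, and only the public key and the signature go on the wire. The names `AuthRequest`, `ClientAuth`, `ServerVerify` and `Demo`, the user name and the session IDs are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// AuthRequest is everything the client sends: there is no private key field.
type AuthRequest struct {
	User      string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// signedData binds a signature to one session and one user. Simplified:
// real SSH uses length-prefixed fields in the layout RFC 4252 defines.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	b.Write(sessionID)
	b.WriteString("\x00" + user + "\x00publickey\x00")
	b.Write(pub)
	return b.Bytes()
}

// ClientAuth runs on the client; priv is used locally and never serialized.
func ClientAuth(priv ed25519.PrivateKey, sessionID []byte, user string) AuthRequest {
	pub := priv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(priv, signedData(sessionID, user, pub))
	return AuthRequest{User: user, PublicKey: pub, Signature: sig}
}

// ServerVerify runs on the server, which holds only the authorized public key.
func ServerVerify(authorized ed25519.PublicKey, sessionID []byte, req AuthRequest) bool {
	if !bytes.Equal(authorized, req.PublicKey) {
		return false
	}
	return ed25519.Verify(req.PublicKey, signedData(sessionID, req.User, req.PublicKey), req.Signature)
}

// Demo uses a fresh key pair and constructed session IDs: the same request is
// checked against the session it was signed for and against a different one.
func Demo() (sameSession, otherSession bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	req := ClientAuth(priv, []byte("constructed-session-id-A"), "alice")
	return ServerVerify(pub, []byte("constructed-session-id-A"), req),
		ServerVerify(pub, []byte("constructed-session-id-B"), req)
}

func main() { fmt.Println(Demo()) }
```

The second result is false because the signature covers the session identifier, so it does not verify under a different one.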