openssh uses Diffie-Hellman or RSA for sesssion key exchange?

• Next message: Neil W Rickert: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Previous message: Lawrence Cheong: "Re: idle-timeout in openssh"
• Next in thread: Neil W Rickert: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Reply: Neil W Rickert: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Reply: Richard E. Silverman: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: seberino@spawar.navy.mil (Christian Seberino)
Date: 2 May 2002 19:44:09 -0700

I just tried to ssh (using ssh2 protocol) to a Linux machine
and got this...

(seberino /home/seberino) % ssh -2 mrbrown.ucsd.edu
The authenticity of host 'mrbrown.ucsd.edu (132.239.170.67)' can't be established.
RSA key fingerprint is 0c:94:9a:c3:4e:70:9e:0e:2a:7f:60:f6:a0:f9:65:d7.
Are you sure you want to continue connecting (yes/no)?

I did not tweak default config so doesn't this prove
that ssh uses RSA by default (at least just for authentication)???

In broad terms here are 3 steps of new ssh connection as far as I can tell:

1. RSA for authentication
2. secure *symmetric key* exchange
3. secure comms with symmetric algorithm
 
Since I just proved beyond a shadow of a doubt RSA is used in
step #1 it would be exceedingly strange for Diffie-Hellman
to be used in step #2.
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Does OpenSSH use Diffie-Hellman for step #2??

Is the "session key"
the same thing as the "symmetric algorithm key"????

Can one choose to use RSA for step #2?? openssh docs seemed
to imply Diffie-Hellman was always used.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Chris

--

• Next message: Neil W Rickert: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Previous message: Lawrence Cheong: "Re: idle-timeout in openssh"
• Next in thread: Neil W Rickert: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Reply: Neil W Rickert: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Reply: Richard E. Silverman: "Re: openssh uses Diffie-Hellman or RSA for sesssion key exchange?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: ssh authentication with RSA SECURID ... I used to work for RSA and am now an independent consultant with some 10 ... SecurID integrations with SSH for US based customers. ... SFTP, without any authentication! ... Integrate the ACE/Agent APIs directly with the SSH source code. ... (SSH) Re: SSH on PIX firewall ... Configuring PIX to Accept SSH Connections ... Our first task is to generate an RSA public/private key pair to use to ... Specify what hosts are allowed to SSH to the PIX and set the SSH ... Set the enable password and Telnet password. ... (comp.security.firewalls) OpenSSH_3.0.2p1 root cannot login with password ... Root can only ssh in with RSA, ... It almost seems as if it's thinking that "Password Authentication" is ... files or program output, but since I bet I'm just missing something, ... (comp.security.ssh) Re: OT: Security.... ... Don't use port 22. ... Disable password authentication and use RSA, ... If you only need SSH access from specific locations, ... (Fedora) Re: ssh authentication with RSA SECURID ... Re-compile ssh to include RSA SecurID support. ... Management wants ssh used instead of telnet. ... > The problem is when I log into the 150 using ssh the ace authentication is ... (SSH)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint