Re: Which authentication is better
From: Shing-Fat Fred Ma (fma@doe.carleton.ca)
Date: 11/23/02
- Next message: Shing-Fat Fred Ma: "Re: X11 forwarding setup correctly?"
- Previous message: Azalin: "Re: Problem Solved"
- In reply to: Per Hedeland: "Re: Which authentication is better"
From: Shing-Fat Fred Ma <fma@doe.carleton.ca> Date: 23 Nov 2002 22:38:12 GMT
Thanks for the clarification, Per.

From using verbose mode, my ssh is using RSA keys in protocol 2, which I'm happy with (protocol 2 "obviously" "better" than protocol 1, and RSA better than DSA because of a supposed vulnerability with DSA).

Fred
Per Hedeland wrote:
>In article <3DDF2DC3.9060404@doe.carleton.ca> Shing-Fat Fred Ma
><fma@doe.carleton.ca> writes:
>
>>#1:
>>Using protocol 2, am I to understand from the
>>man page that public key authentication is the
>>preferred way?
>
>I don't know why you think that, and I don't know the answer, since it
>depends on what exactly you mean by "preferred": The client has a
>predefined order that it will try authentication mechanisms in, an
>order that can be changed (as well as the list shortened) with
>PreferredAuthentications in the config file or on the command line.
>
>In some sense the first mechanism listed there is the "preferred" one,
>from the 3.4p1 man page it seems it is "hostbased". Which mechanism is
>"preferred" in a "general" sense isn't possible to answer, since it
>depends on many factors, e.g. required security, convenience, and last
>but not least personal opinion, of course... If one mechanism was simply
>"best" there would be no need for any others.:-)
>
>>#2:
>>They also say that "the
>>hostbased method" of protocol 1 is tried first,
>>but there are two "host" based methods. I
>>assume the obvious, that the one using
>>*known_hosts is used because the other one
>>is not secure (the one relying only on *hosts.equiv
>>or .[rs]hosts). Is this right?
>
>The question doesn't really make sense - the server config file
>determines whether the non-key-based one is allowed at all (by default
>it isn't). If it *is* allowed, it isn't any "more secure" to try the
>key-based one first - since if it fails, the non-key-based one will be
>tried anyway. But I think the ssh(1) man page makes it pretty clear that
>the non-key-based one is tried first with protocol 1.
>
>>#3:
>>Why would "the hostbased methods" be tried
>>before public key authentication? It seems like
>>the latter is more secure.
>
>See previous question - the order in which allowed mechanisms are tried
>doesn't have any real bearing on security. Thus it is determined by
>convenience/functionality - it doesn't make much sense to ask the user
>for a password / pass phrase (perhaps multiple times) and then let him
>in without using one.
>
>>#4:
>>I was presented with the server host's RSA
>>fingerprint to say "yes" or "no" to. To check
>>this fingerprint, I tried
>>
>> $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
>> ssh_host_rsa_key.pub is not a public key file.
>> $ ssh -l -f /etc/ssh/ssh_host_key.pub
>> SPAT_OUT_A_KEY_FINGERPRINT
>>
>>Which file is right one? I presumed the 1st one.
>>The fingerprint from the 2nd one didn't match
>>what I was presented.
>
>It depends on what protocol was being used, and of course on the server
>config file, which can name these files whatever it wants. But the
>default in OpenSSH is:
>
># HostKey for protocol version 1
>#HostKey /etc/ssh/ssh_host_key
># HostKeys for protocol version 2
>#HostKey /etc/ssh/ssh_host_rsa_key
>#HostKey /etc/ssh/ssh_host_dsa_key
>
>(i.e. version 2 can use either RSA or DSA; version 1 is always RSA).
>
>>#5:
>>Because of the error from the 1st keygen command,
>>I assumed it was commercial ssh format and tried:
>>
>> $ ssh-keygen -i -f /etc/ssh/ssh_host_rsa_key.pub
>>
>>It turns out that the file is not readable by
>>common users. Should it be, for the
>>purposes of extracting the fingerprint, which
>>in turn is for the purpose of confirming the
>>server host?
>
>Yes, it should be readable - or at least the server admin should
>"somehow" provide users that want it with the fingerprint or even the
>whole key (for installation on their clients). For the user to log in to
>the server and extract the fingerprint there isn't obviously useful,
>since that login session may already be compromised by a man-in-the-
>middle attack - i.e. it requires that the user has an alternate "secure
>path" (basically console connection) to the server.
>
>--Per Hedeland
>per@hedeland.org
>
--
Fred Ma, fma@doe.carleton.ca
Carleton University, Dept. of Electronics
1125 Colonel By Drive, Ottawa, Ontario
Canada, K1S 5B6
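The host-key fingerprint check discussed under #4 and #5 of the quoted thread, as an added example that is not part of the original messages or of OpenSSH itself. It reimplements in Python what `ssh-keygen -l -f ssh_host_rsa_key.pub` computes over an OpenSSH-format public key line, shows what a "not a public key file" error means (the file is not in the `<type> <base64 blob> <comment>` form), and compares the key a client is presented with against a pinned `known_hosts` entry. The RSA key, host name and `known_hosts` contents are constructed for the example and are not real values; the colon-separated MD5 form is what `ssh-keygen -l` printed at the time of the thread, the `SHA256:` form is what current OpenSSH prints.

```python
"""Host-key fingerprints and known_hosts checks for OpenSSH-format public keys.

Added example, not code from the mailing-list thread or from OpenSSH. It
reproduces what `ssh-keygen -l -f ssh_host_rsa_key.pub` computes, on a key
constructed in-line, so it runs offline without OpenSSH installed.
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH mpint: big-endian magnitude, with a leading 0x00 if the top bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def _read_string(buf: bytes, off: int) -> tuple:
    """Read one wire-format string at offset `off`; return (bytes, next offset)."""
    (length,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + length], off + 4 + length


def build_rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Assemble an OpenSSH public key line: '<type> <base64 blob> <comment>'."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


def parse_pubkey_line(line: str) -> tuple:
    """Parse an OpenSSH public key line into (key type, raw blob).

    Anything else (a PEM private key, or a commercial SSH2
    '---- BEGIN SSH2 PUBLIC KEY ----' file) is rejected; that is the situation
    behind ssh-keygen's 'is not a public key file' error.
    """
    parts = line.strip().split()
    if len(parts) < 2 or not parts[0].startswith("ssh-"):
        raise ValueError("not an OpenSSH public key line")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("public key blob is not valid base64") from exc
    key_type, _ = _read_string(blob, 0)
    if key_type.decode() != parts[0]:
        raise ValueError("key type in blob does not match the text prefix")
    return parts[0], blob


def rsa_bits(blob: bytes) -> int:
    """Modulus length in bits, the leading number in `ssh-keygen -l` output."""
    _, off = _read_string(blob, 0)      # key type
    _, off = _read_string(blob, off)    # public exponent e
    n_bytes, _ = _read_string(blob, off)
    return int.from_bytes(n_bytes, "big").bit_length()


def fingerprint_md5(blob: bytes) -> str:
    """Colon-separated hex MD5 of the blob, the format ssh-keygen -l printed in 2002."""
    return ":".join("%02x" % b for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob: bytes) -> str:
    """'SHA256:' plus unpadded base64 of the SHA-256 digest, as current OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_matches(known_hosts_text: str, host: str, presented_blob: bytes) -> bool:
    """True if known_hosts pins `host` to exactly the presented key.

    Handles plain (unhashed) host fields only; comments and '@' marker lines
    are skipped. A known host with a different key is a mismatch, which is the
    case a client must treat as a possible man-in-the-middle and stop on.
    """
    for raw in known_hosts_text.splitlines():
        fields = raw.strip().split()
        if len(fields) < 3 or fields[0].startswith("#") or fields[0].startswith("@"):
            continue
        if host in fields[0].split(","):
            _, blob = parse_pubkey_line(fields[1] + " " + fields[2])
            return blob == presented_blob
    return False


def describe(line: str) -> str:
    """Render a key the way `ssh-keygen -l -f` does: '<bits> <fingerprint> <comment> (RSA)'."""
    key_type, blob = parse_pubkey_line(line)
    parts = line.split(None, 2)
    comment = parts[2].strip() if len(parts) > 2 else ""
    label = "RSA" if key_type == "ssh-rsa" else key_type
    return "%d %s %s (%s)" % (rsa_bits(blob), fingerprint_sha256(blob), comment, label)


# Constructed sample: a stand-in for /etc/ssh/ssh_host_rsa_key.pub (not a real key).
SAMPLE_E = 65537
SAMPLE_N = (1 << 1023) | 0x2F3A5B7D9C1E4F61   # top bit set, so the mpint gets a leading 0x00
SAMPLE_PUBKEY_LINE = build_rsa_pubkey_line(SAMPLE_E, SAMPLE_N, "root@example-server")

# Constructed known_hosts pinning the same key for "example-server" and its address.
SAMPLE_KNOWN_HOSTS = ("# constructed known_hosts\n"
                      "example-server,10.0.0.5 " + SAMPLE_PUBKEY_LINE.rsplit(" ", 1)[0] + "\n")

if __name__ == "__main__":
    print(describe(SAMPLE_PUBKEY_LINE))
    _, presented = parse_pubkey_line(SAMPLE_PUBKEY_LINE)
    print("known_hosts match:", known_hosts_matches(SAMPLE_KNOWN_HOSTS, "example-server", presented))
```

The value used for comparison is the fingerprint of the server's public key obtained over a path independent of the SSH session being verified (the console, or a fingerprint the admin publishes), which is Per's point in the reply to #5: running `ssh-keygen -l` on the server after logging in over the same connection proves nothing if that connection is already intercepted.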