Re: Using SSH2 private key to sign a file

From: Mike (info_at_redterra.net)
Date: 05/14/03


Date: Wed, 14 May 2003 23:20:46 +0800



Yes, I see. Thanks for the suggestion.
"Think outside the box"

Mike

Simon Tatham wrote:
| Mike <info@redterra.net> wrote:
|
|>Given that there is already a 'master account' used to perform
|>replication from a central server, the public key is already
|>deployed to the remote servers for SSH authentication. It would seem
|>quite elegant to use the same key pair for signing and verification of
|>these packets.
|
|
| Fair enough; so it's just a matter of saving the effort of
| distributing another public key to all the machines.
|
| In that case, I suspect you'd be better off just distributing
| another key, because that would cost less effort than writing custom
| software to sign a file with a host key :-)
|
| Alternatively ... you could use the host key to verify the integrity
| of the file in a different way. When the client machine receives a
| file, could it SSH to the server (thus using the host key to verify
| it's talking to the right machine) and get the server to return it
| the md5sum that the file _should_ have? Then you could check that
| against the md5sum of the file you've actually got, and you have
| your integrity check with no software development required.
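
The check Simon describes, sketched as an added example that is not part of either poster's message: the client asks the server over SSH for the digest the file should have and compares it with the digest of the copy it received. The names `verify_against_server`, `is_hex_digest`, `SSH_CMD` and `DIGEST` are hypothetical; `md5sum` is kept because the post names it, and `sha256sum` can be substituted through `DIGEST`.

```shell
#!/bin/sh
# Added example (not from the thread). SSH_CMD and DIGEST are hypothetical
# knobs for this sketch; md5sum is the tool named in the post.
SSH_CMD="${SSH_CMD:-ssh}"
DIGEST="${DIGEST:-md5sum}"

# Succeeds only if $1 is a plain hex string of at least 32 characters, so a
# login banner, error text or empty reply is never compared as a checksum.
is_hex_digest() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -ge 32 ]
}

# verify_against_server HOST REMOTE_PATH LOCAL_FILE
# Returns 0 on match, 1 on mismatch, 2 if no trustworthy digest was obtained.
verify_against_server() {
    host=$1 remote_path=$2 local_file=$3

    # ssh hands the command to the remote shell as one string, so only a
    # conservative path character set is accepted (no spaces, quotes, ';').
    case "$remote_path" in
        ''|*[!A-Za-z0-9._/-]*) return 2 ;;
    esac

    # StrictHostKeyChecking=yes makes ssh refuse an unknown or changed host
    # key; that refusal is what ties the returned digest to the real server.
    # BatchMode=yes stops ssh from prompting when run unattended.
    want=$("$SSH_CMD" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$host" "$DIGEST" -- "$remote_path") || return 2
    want=${want%% *}                 # keep the digest, drop the file name
    is_hex_digest "$want" || return 2

    have=$("$DIGEST" -- "$local_file") || return 2
    have=${have%% *}

    [ "$want" = "$have" ]
}
```

The result is only as strong as the host key check, so the server's key must already be in the client's `known_hosts` before the first run.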


