Re: Host Key uniqueness
From: Neil W Rickert (rickert+nn_at_cs.niu.edu)
Date: 03/26/04
- Next message: Darren Tucker: "Re: Problem with using same dsa hostkeys on 2 different machines, one of which is backup"
- Previous message: Kapil: "Problem with using same dsa hostkeys on 2 different machines, one of which is backup"
- In reply to: José Arango: "Host Key uniqueness"
Date: Fri, 26 Mar 2004 05:37:33 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
José Arango <arango@caribe.net> writes:

>I'm learning about ssh. I still don't have the host key technique clear. I
>know its purpose. I just would like to know what prevents server YYY from
>taking server XXX's host key...so that when server YYY tries to impersonate
>XXX server...all of its (ssh-client) users would connect to YYY without
>noticing that in fact it is another server.

Hopefully, YYY cannot get to XXX's host key. It would need both the
private key and the public key. Although the public key is readily
available, it should be impossible to get the private key unless
there is a way of gaining root access on XXX.

>Another example: if I connect to server XXX, I'll have the server host key
>in my .ssh directory. Can I just take that key and configure my SSHD so it
>will use that key as my host key?

You only have the public key. You would also need the corresponding
private key to make this work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SunOS)
iD8DBQFAY8J2vmGe70vHPUMRArsNAJ9lNYl4lUsK/c+FIynV/Pg4iLX5VgCg/CPP
TzkNAaTXJycnuqPPLd3rmnE=
=XQrF
-----END PGP SIGNATURE-----
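
The point made in the reply above, as an added example that is not part of the original message: during key exchange an SSH server signs the session's exchange hash with its host private key, and the client verifies that signature against the public key it has pinned. Ed25519 (standing in for whatever host key type is in use), the XXX/YYY key variables and the exchange-hash strings are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hostProof is what a server presents: a public host key plus a signature
// over the exchange hash of this particular session.
type hostProof struct {
	Pub ed25519.PublicKey
	Sig []byte
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// clientAccepts mirrors the client check: the offered key must equal the
// pinned (known_hosts) key AND the signature must verify under that key.
func clientAccepts(pinned ed25519.PublicKey, p hostProof, hash []byte) bool {
	return bytes.Equal(pinned, p.Pub) && ed25519.Verify(pinned, hash, p.Sig)
}

// demo returns: genuine XXX accepted, YYY presenting XXX's public key
// accepted, and XXX's old signature replayed into a new session accepted.
func demo() (genuine, impostor, replay bool) {
	xxxPub, xxxPriv := mustKey() // XXX holds both halves
	_, yyyPriv := mustKey()      // YYY only has its own private key
	h1 := sha256.Sum256([]byte("constructed exchange hash, session 1"))
	h2 := sha256.Sum256([]byte("constructed exchange hash, session 2"))

	real := hostProof{xxxPub, ed25519.Sign(xxxPriv, h1[:])}
	// YYY copies the public key from a known_hosts file but must sign itself.
	fake := hostProof{xxxPub, ed25519.Sign(yyyPriv, h1[:])}

	return clientAccepts(xxxPub, real, h1[:]),
		clientAccepts(xxxPub, fake, h1[:]),
		clientAccepts(xxxPub, real, h2[:]) // captured signature, new session
}

func main() {
	g, i, r := demo()
	fmt.Printf("genuine=%v impostor=%v replay=%v\n", g, i, r)
}
```

Because the exchange hash differs per session, a signature captured from XXX in one session does not verify in another, so the private key is needed every time.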