Re: Explanation of SSH
From: Richard E. Silverman (res_at_qoxp.net)
Date: 07/01/04
Date: 30 Jun 2004 22:22:05 -0400
> >No, this is wrong. First, be aware that there are two major versions of
> >the SSH protocol, 1 and 2. It sounds as if the description you read is of
> >SSH-1, which is unfortunate because SSH-1 is long since deprecated and
> >falling out of use (albeit slowly). In SSH-1, the "host key" is the
> >long-term asymmetric keypair used to identify an SSH server, while the
> >"server key" is an ephemeral keypair -- typically replaced once per hour
> >by the server, never stored anywhere, and used to provide forward secrecy
> >for the symmetric keying material.
>
> Can you clarify this a bit? Are you talking about SSH-1 when you say
> there are separate host key and server key, or are you talking about
> SSH-2?
SSH-1 -- which is why that portion of the explanation starts with the
phrase, "In SSH-1, ...".
> Does SSH-1 have hostkey=server key?
No; they are separate things as I described.
> Does SSH-2 have hostkey=server key? How do SSH-1 and SSH-2 differ in
> this regard, if at all?
SSH-2 with the most common exchange method simply does not have a "server
key"; it obtains forward secrecy on the session key via the Diffie-Hellman
algorithm.
> This is for curiosity only. The URL above describes SSH-2 but doesn't
> seem to mention any difference between a static host key and a
> constantly changing server key.
The URL contains links to complete descriptions of both SSH-1 and SSH-2.
-- Richard Silverman res@qoxp.net
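The SSH-2 arrangement Silverman describes (no ephemeral "server key"; the long-term host key only signs the exchange, and forward secrecy comes from Diffie-Hellman) is sketched below as an added example. It is not code from the mailing-list post or from any SSH implementation. It uses the stdlib only: the modulus is the RFC 3526 2048-bit MODP group as transcribed here (the group behind SSH's diffie-hellman-group14-* methods), the "host key" is textbook RSA over two Mersenne primes purely so the signing step runs without a crypto library, and the framing of the exchange hash H and the key derivation HASH(K || H || letter || session_id) follow the shape of RFC 4253 sections 7.2 and 8 with simplified byte encoding rather than the exact string/mpint wire format. Everything else (the version strings, the `attacker` parameter for a man-in-the-middle that lacks the real host private key) is constructed for the demo.

```python
"""SSH-2 style key exchange: DH yields the shared secret K; the long-term
host key only signs the exchange hash H. Added example, stdlib only."""
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP) modulus, as transcribed here; generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def make_demo_host_key(exps=(521, 607)):
    """Textbook RSA over two Mersenne primes 2^a-1, 2^b-1. Demo only: a real
    host key is generated from random primes and uses a padded signature."""
    p, q = (1 << exps[0]) - 1, (1 << exps[1]) - 1
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d}


def host_sign(key, h: bytes) -> int:
    """The only place the host *private* key is used: sign H."""
    return pow(int.from_bytes(h, "big"), key["d"], key["n"])


def host_verify(n: int, e: int, h: bytes, sig: int) -> bool:
    """Client side: check the signature against the pinned host public key."""
    return pow(sig, e, n) == int.from_bytes(h, "big")


def mpint(x: int) -> bytes:
    """Simplified big-endian integer encoding (not the exact RFC 4251 mpint)."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def exchange_hash(ids, host_n: int, e_pub: int, f_pub: int, k: int) -> bytes:
    """H = HASH(V_C || V_S || K_S || e || f || K), simplified framing."""
    h = hashlib.sha256()
    for part in ids:
        h.update(part)
    for x in (host_n, e_pub, f_pub, k):
        h.update(mpint(x))
    return h.digest()


def derive_key(k: int, h: bytes, letter: bytes, session_id: bytes) -> bytes:
    """RFC 4253 s7.2 shape: key = HASH(K || H || letter || session_id).
    Note the host private key never enters here; only K (from DH) does."""
    return hashlib.sha256(mpint(k) + h + letter + session_id).digest()


def ssh2_kex(host_key, attacker=None):
    """Run one exchange. If `attacker` (a different key) is given, the
    signature is produced by a man-in-the-middle who lacks the real d."""
    ids = (b"SSH-2.0-client", b"SSH-2.0-server")   # constructed V_C, V_S
    x = secrets.randbelow(P - 2) + 1                # client ephemeral
    e_pub = pow(G, x, P)
    y = secrets.randbelow(P - 2) + 1                # server ephemeral
    f_pub = pow(G, y, P)
    k_server = pow(e_pub, y, P)
    h_server = exchange_hash(ids, host_key["n"], e_pub, f_pub, k_server)
    sig = host_sign(attacker or host_key, h_server)
    # x and y are discarded after the exchange; a later host-key theft
    # plus a recorded transcript gives an attacker e, f, K_S and sig, not K.
    k_client = pow(f_pub, x, P)
    h_client = exchange_hash(ids, host_key["n"], e_pub, f_pub, k_client)
    verified = host_verify(host_key["n"], host_key["e"], h_client, sig)
    return {
        "agree": k_client == k_server,
        "verified": verified,
        "c2s_key": derive_key(k_client, h_client, b"C", h_client),
        "s2c_key": derive_key(k_server, h_server, b"D", h_server),
    }


if __name__ == "__main__":
    hk = make_demo_host_key()
    print("honest server:", ssh2_kex(hk)["verified"])
    print("mitm w/o host key:", ssh2_kex(hk, make_demo_host_key((127, 1279)))["verified"])
```

The thing to notice is which function touches which key: `host_sign` is the only consumer of the host private key, and `derive_key` consumes only K and H. That is what makes the SSH-2 host key purely an identity key and lets the DH exponents, thrown away after each exchange, carry the forward-secrecy job that the hourly SSH-1 server key used to do. Running the block prints `True` for the honest server and `False` when a man-in-the-middle signs with a key the client has not pinned.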