Re: 'password-less' logins on solaris 2.5.1 boxen - subtle troubles.

From: Richard E. Silverman (res_at_qoxp.net)
Date: 01/15/05


Date: 14 Jan 2005 23:31:45 -0500


>>>>> "BU" == Bill Unruh <unruh@string.physics.ubc.ca> writes:

    BU> NONONONONO. You do NOT want to send them your private key as well,
    BU> UNLESS you have control of that machine and really want the root
    BU> on that machine to be able to read the private key and thus be
    BU> able to read everything.

Actually, having a user's private key would not enable an observer to read
SSH-encrypted data -- both it and the hostkey are used for authentication
only.

-- 
  Richard Silverman
  res@qoxp.net

