Re: Is my ssh session encrypted?

From: Richard E. Silverman (res_at_qoxp.net)
Date: 05/15/05

    Date: 15 May 2005 11:38:48 -0400
    
    

    > Larry Alkoff <nobody@nowhere.com> writes:
    > >Ssh to another computer produces an error that "The authenticity
    > >of host can't be established" but it connects if I answer "yes" to the
    > >"are you sure" message.
    >
    > >Also with this new computer it did not ask for my passphrase even
    > >though 'authorized_keys' has been copied over to the remote computer
    > >by floppy to ~/.ssh. However I previously also did
    >
    > Did it ask for a login password?
    >
    > >ba@linda ~ $ ssh-agent $SHELL
    > >lba@linda ~ $ ssh-add
    > >Enter passphrase for /home/lba/.ssh/id_rsa:
    > >Identity added: /home/lba/.ssh/id_rsa (/home/lba/.ssh/id_rsa)
    >
    > It seems that you were authenticated using public key authentication,
    > with ssh_agent providing the authentication information on your
    > behalf.
    >
    > >How can I tell if my communications to the remote computer are being
    > >encrypted?
    >
    > You could snoop on the network traffic.

    ssh -v will show encryption being negotiated & which cipher is in use.

    > An ssh session is always authenticated, unless
    >
    >  - you went to a lot of trouble to set up an unauthenticated
    >    connection
    >  - your version of ssh has support for unauthenticated
    >    connections.

    Presumably Neil means "encrypted" here, not "authenticated."

    > >What does the sign-on message "authenticity can't be
    > >established" mean?
    >
    > It means that you (your ssh) could not verify the correctness of the
    > host key of the site to which you connected.

    Specifically, it means the public hostkey presented by the server is not
    associated with that host in ~/.ssh/known_hosts or
    /etc/ssh/ssh_known_hosts. Thus, the client has no way of verifying that
    you're connecting to the right SSH server.

    -- 
      Richard Silverman
      res@qoxp.net
    
