Re: public key authentication

From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 07/21/05

    Date: 21 Jul 2005 00:58:35 GMT
    
    

    On 2005-07-20, Anne & Lynn Wheeler <lynn@garlic.com> wrote:
    > 2) "something you have" authentication ... aka the originator has
    > access to and use of the corresponding private key.

    I disagree with this part. In general a private key is another instance
    of "something you know", albeit one with the useful property of being
    able to prove you know it without disclosing it to the other party.

    The private key is usually just a collection of bits and can be
    copied, disclosed or published.

    If it was encapsulated inside, eg, a suitably tamper-proof smartcard
    then it could form part of "something you have" (as you later noted).

    The rest of the post is very good stuff, but my point is possession of
    a particular private key only represents "something you have" in very
    specific circumstances, and those circumstances aren't commonly present
    in SSH deployments.

    One could even view the ATM skimmers you refer to as converting "something
    you have" factors (the card) into "something you know" (the content of
    the magstripe), resulting in a significant weakening of the system.

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    
