Re: Tectia SSH and use with a CA
- From: "rhino007_us@xxxxxxxxx" <rhino007_us@xxxxxxxxx>
- Date: 25 Oct 2006 09:54:16 -0700
I was in a discussion with someone yesterday about SSH and how
certification works with a
Certificate Authority. A couple of points could use a little
clarification.
When a new SSH client sends a request to transmit data to the SSH
Server for the first time does it's request include it's (the SSH
client's) certificate which includes it's own
public key inside, and the CA's digital signature as proof of who it
is? Or does the SSH Server ask the CA to validate the client?
Someone suggested that the SSH Server would not need to talk to the CA
at all, and that it
would simply respond to the SSH client directly. I know that without a
CA someone
would have had to put the clients public key on the server and visa
versa, and away we
go. His point is beginning to make sense to me, as it would save a lot
of overhead.
With a CA I had thought the SSH server would need to check with the CA
and the CA
would validate the client, and send the SSH Servers public key to the
client along with it's own digital signature proving it is the valid CA
to the client.
I can see the other persons point that it is reasonable that when the
SSH client was
brought online and entered into the CA lists of valid hosts does the CA
send
this info out to the SSH Servers, preinforming them about the new SSH
client?
I have RTFM for many hours at this point, at www.ssh.org, and
Wikipedia, RSA, etc.
Cheers, Rhino
.
- Follow-Ups:
- Re: Tectia SSH and use with a CA
- From: Darren Dunham
- Re: Tectia SSH and use with a CA
- From: Darren Dunham
- Re: Tectia SSH and use with a CA
- References:
- Tectia SSH File Transfer
- From: Tim Slattery
- Re: Tectia SSH File Transfer
- From: Tim Slattery
- Tectia SSH File Transfer
- Prev by Date: Re: Tectia SSH File Transfer
- Next by Date: Re: Tectia SSH File Transfer
- Previous by thread: Re: Tectia SSH File Transfer
- Next by thread: Re: Tectia SSH and use with a CA
- Index(es):
Relevant Pages
|
|
