Re: DSA authentication under SSH

From: "res@xxxxxxxx" <pseudometric@xxxxxxxxx>
Date: 25 Dec 2006 16:11:31 -0800

"J" == J Sommers <jsommers@xxxxxxxxxxxxxx> writes:

J> For this kind of authentication, SSH clients send the basic DSA
J> parameters (p, q, y and g) to the server, plus the signature (r
and
J> s). My question is, what is the message being signed?

J> If I understand it correctly, both client and server must have
J> access to the message - the client, to create the signature, and
J> the server, to verify the signature. However, it is not at all
J> clear to me what message is being used during the authentication
J> process. Can anyone help?

This question is best answered by reading RFC 4252. From section 7:

To perform actual authentication, the client MAY then send a
signature generated using the private key. The client MAY send the
signature directly without first verifying whether the key is
acceptable. The signature is sent using the following packet:

byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string public key algorithm name
string public key to be used for authentication
string signature

The value of 'signature' is a signature by the corresponding private
key over the following data, in the following order:

string session identifier
byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string public key algorithm name
string public key to be used for authentication

Of course, you need to read the rest to understand what all these
things
are. In short, the key element here is the "session identifier." This
is
a value produced by the key exchange, with two important properties: it
is
different for every SSH connection, and its value cannot be forced by
either side. This makes it effective in countering man-in-the-middle
attacks. The encapsulating SSH transport protocol does this as well
during server authentication.

--
Richard Silverman
res@xxxxxxxx

.

References:
- DSA authentication under SSH
  - From: J. Sommers

Prev by Date: DSA authentication under SSH
Next by Date: Re: How to change rsync to run upon rsh ?
Previous by thread: DSA authentication under SSH
Index(es):
- Date
- Thread

Relevant Pages

Re: Reply with attachment macro
... the Insert -> Signature menu. ... Sub ReplyWithTemplateFromOutlook() ... Dim objReply As Outlook.MailItem ... Dim strSignatureText As String ...
(microsoft.public.outlook.program_vba)
Re: New Method for Authenticated Public Key Exchange without Digital Certificates
... > authentication protocol (say trivial radius or kerberos/windows login ... > where public key and digital signature replaces password). ... Legal signing needs an iterative establishing ... trust for one's public key and that dual use, with safe disclaimers, ...
(sci.crypt)
Re: Windows application key from a vendor
... much private mainframe owners interested in illegal operations, ... One is a longish key that in itself contains the licence information, ... The other is a plain text licence of some sort, plus a signature or hash so ... string changes very little with small predictable changes in e.g. the date. ...
(bit.listserv.ibm-main)
Verif CAPICOM generated signature in Java
... I have a simple text string whose digital signature has been generated ... // data to sign should reside in the content property of signeddata ... PublicKey publicKey = cert.getPublicKey; ...
(comp.lang.java.security)
Re: Error when I try to open cdrom programmatically
... private static extern long mciSendString(string lpstrCommand, ... unless you expect a rediculously long string. ... In fact I would rather use a StringBuilder in the signature. ... in which case the returnstring is initialized as follows ...
(microsoft.public.dotnet.framework.windowsforms)