Question on the SSH-2 standard

From: "K. Jennings" <kjennings@xxxxxxxxxxxxxx>
Date: Sat, 02 Jun 2007 03:47:48 GMT

I am getting stuck trying to understand the nuances of the SSH-2
standard in a number of cases. For instance, in section 7 of RFC 4252,
when describing the client's response to an SSH_MSG_USERAUTH_PK_OK packet
received from the server, the RFC reads:

"To perform actual authentication, the client MAY then send a
signature generated using the private key. The client MAY send the
signature directly without first verifying whether the key is
acceptable."

So, since the client just MAY send a signature, what happens if
it doesn't? My assumption is that the authentication won't be successful,
and that the server will just drop the connection. Is this correct?

.

Follow-Ups:
- Re: Question on the SSH-2 standard
  - From: Simon Tatham

Prev by Date: Re: Multiple Private Keys
Next by Date: Re: Question on the SSH-2 standard
Previous by thread: Multiple Private Keys
Next by thread: Re: Question on the SSH-2 standard
Index(es):
- Date
- Thread

Relevant Pages

Re: how can we restrict what certificate WSE will use?
... > X509SecurityTokenManager to verify the request is from a trusted client. ... >> decrypte and signature validation process. ... >> in a request signed with his valid private key, ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: Client Certificates Issue
... The client possesses the private key and never provides that to ... their private key in order to prove to the server that they are the "owner" ... The problem is that i need to generate a Digital Signature using the same ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Symantec AV signature corruption
... The vendor response on this issue may have been a bit light on detail ... Users logged in in the morning and applied dodgy sigs. ... Had to write script to manually rollback to last signature, ... Client accepted sigs silently, and effectively had zero viruses in the ...
(NT-Bugtraq)
Re: Public-key CD-KEY protocol (comments welcomed)
... The truncation makes verification impossible without ... Anything short of the full PK signature cannot be verified. ... > a) If this is the first connection: ... > client, that records it. ...
(sci.crypt)
Re: FTP strangeness
... So, it looks like SmartFTP is off the list as a client for VMS, Cerberus ... As demonstrated more than just VMS ftp servers do the latter - for situations ... In any case an FTP client should comply with the robustness principle of RFC ... A Server-FTP SHOULD use the reply codes defined in RFC-959 ...
(comp.os.vms)