Authentication

25/08/2007, 23h14

So I understand the DSA/RSA authentication procedure and how it
provides authenication of a client from a servers perspective, but
what is there implemented in SSH to provide authentication of the
server from the clients perspective.? I know that on connection, the
server sends the client a key, identifying itself to the client. But
what prevents, a rogue client from grabbing the identification #, and
masking the servers IP, and setting up their own rogue server, with a
the same server id?
If this happend, the rogue server would most liekly not have he public
key of any client connecting to it, nor would any clients private keys
be comprimised b/c their keys are never transmitted. But the rogue
server, could present itself as the server u wanted. Is that left up
to the client to check, when they log in?

i.e: the client could place a file on the known good server, which
contains some text that only the client would know. then when they
logged in, they can authenticate the server, based on the existance
and content of the file, existing on the server.

26/08/2007, 16h52

>>>>> "NN" == Nate, Nano <nanonut@gmail.com> writes:

NN> So I understand the DSA/RSA authentication procedure and how it
NN> provides authenication of a client from a servers perspective, but
NN> what is there implemented in SSH to provide authentication of the
NN> server from the clients perspective.? I know that on connection,
NN> the server sends the client a key, identifying itself to the
NN> client. But what prevents, a rogue client from grabbing the
NN> identification #, and masking the servers IP, and setting up their
NN> own rogue server, with a the same server id?

The rogue server does not possess the corresponding private hostkey.

--
Richard Silverman
res@qoxp.net

26/08/2007, 16h52

>>>>> "NN" == Nate, Nano <nanonut@gmail.com> writes:

NN> So I understand the DSA/RSA authentication procedure and how it
NN> provides authenication of a client from a servers perspective, but
NN> what is there implemented in SSH to provide authentication of the
NN> server from the clients perspective.? I know that on connection,
NN> the server sends the client a key, identifying itself to the
NN> client. But what prevents, a rogue client from grabbing the
NN> identification #, and masking the servers IP, and setting up their
NN> own rogue server, with a the same server id?

The rogue server does not possess the corresponding private hostkey.

--
Richard Silverman
res@qoxp.net

25/08/2007, 23h14	#1
Nate, Nano Messages: n/a Hébergeur:	Authentication So I understand the DSA/RSA authentication procedure and how it provides authenication of a client from a servers perspective, but what is there implemented in SSH to provide authentication of the server from the clients perspective.? I know that on connection, the server sends the client a key, identifying itself to the client. But what prevents, a rogue client from grabbing the identification #, and masking the servers IP, and setting up their own rogue server, with a the same server id? If this happend, the rogue server would most liekly not have he public key of any client connecting to it, nor would any clients private keys be comprimised b/c their keys are never transmitted. But the rogue server, could present itself as the server u wanted. Is that left up to the client to check, when they log in? i.e: the client could place a file on the known good server, which contains some text that only the client would know. then when they logged in, they can authenticate the server, based on the existance and content of the file, existing on the server.

26/08/2007, 16h52	#2
Richard E. Silverman Messages: n/a Hébergeur:	Re: Authentication >>>>> "NN" == Nate, Nano <nanonut@gmail.com> writes: NN> So I understand the DSA/RSA authentication procedure and how it NN> provides authenication of a client from a servers perspective, but NN> what is there implemented in SSH to provide authentication of the NN> server from the clients perspective.? I know that on connection, NN> the server sends the client a key, identifying itself to the NN> client. But what prevents, a rogue client from grabbing the NN> identification #, and masking the servers IP, and setting up their NN> own rogue server, with a the same server id? The rogue server does not possess the corresponding private hostkey. -- Richard Silverman res@qoxp.net

26/08/2007, 16h52	#3
Richard E. Silverman Messages: n/a Hébergeur:	Re: Authentication >>>>> "NN" == Nate, Nano <nanonut@gmail.com> writes: NN> So I understand the DSA/RSA authentication procedure and how it NN> provides authenication of a client from a servers perspective, but NN> what is there implemented in SSH to provide authentication of the NN> server from the clients perspective.? I know that on connection, NN> the server sends the client a key, identifying itself to the NN> client. But what prevents, a rogue client from grabbing the NN> identification #, and masking the servers IP, and setting up their NN> own rogue server, with a the same server id? The rogue server does not possess the corresponding private hostkey. -- Richard Silverman res@qoxp.net

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email