
RE: How to forbid empty passphrases?

From: <Robert.Baskerville(at)Vistorm.com>
Date: Wed Nov 27 2002 - 12:39:09 EST

 



The contents of this email and any attachments may be confidential. It is intended for the named recipient(s) only. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to any other person or make any copies. Vistorm monitor communications.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A small but important technical note....

> > is it possible to forbid users to login with keys using

This is all correct so far....

> The SSH client just sends the key to the server.

But that bit isn't.... then...

> It doesn't bother
> telling the server what it had to do in order to read the key,
> including any pass phrases, etc.


...this is absolutely correct too.

The private key NEVER leaves the client.

[Otherwise, wearing my Evil Sysadmin(tm) hat, I could harvest private keys using a modified sshd...]

The private key is used in order to successfully respond to a challenge created by the server using the user's public key. Only the holder of the correct private key can successfully respond to the challenge.

Robert Baskerville




Received on Thu Nov 28 11:34:56 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT
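
The challenge-response described in the message above, as an added example that is not part of the original post and is not OpenSSH code. It assumes toy textbook RSA built from two small constructed primes and an XOR pad standing in for key-file encryption; every function name is hypothetical.

```python
import hashlib, hmac, secrets

# Toy textbook RSA from two Mersenne primes: constructed, NOT secure parameters.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, client-side only
KEY_LEN = (N.bit_length() + 7) // 8

def _pad(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 10_000, KEY_LEN)

def store_private(d, passphrase=b""):
    """Client-side key file; XORed with a PBKDF2 pad only if a passphrase is set."""
    raw = d.to_bytes(KEY_LEN, "big")
    if not passphrase:
        return {"encrypted": False, "blob": raw}
    salt = secrets.token_bytes(16)
    blob = bytes(a ^ b for a, b in zip(raw, _pad(passphrase, salt)))
    return {"encrypted": True, "salt": salt, "blob": blob}

def load_private(keyfile, passphrase=b""):
    blob = keyfile["blob"]
    if keyfile["encrypted"]:
        blob = bytes(a ^ b for a, b in zip(blob, _pad(passphrase, keyfile["salt"])))
    return int.from_bytes(blob, "big")

def server_challenge():
    """Server: random secret encrypted under the user's PUBLIC key (N, E)."""
    secret = secrets.randbelow(N - 2) + 2
    return secret, pow(secret, E, N)

def client_respond(ciphertext, keyfile, passphrase=b""):
    """Client: unlock the key locally, decrypt the challenge, send back a hash."""
    secret = pow(ciphertext, load_private(keyfile, passphrase), N)
    return hashlib.sha256(secret.to_bytes(KEY_LEN, "big")).digest()

def server_verify(secret, response):
    expected = hashlib.sha256(secret.to_bytes(KEY_LEN, "big")).digest()
    return hmac.compare_digest(expected, response)

def login(keyfile, passphrase=b""):
    secret, ciphertext = server_challenge()
    wire = client_respond(ciphertext, keyfile, passphrase)  # all the server receives
    return server_verify(secret, wire), wire
```

The server-side functions take only the public key and the 32-byte response, so a login with a passphrase-protected key file and one with an unprotected key file look the same to the server.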
