[Sderby] SSH

David Jolley sderby at mailman.lug.org.uk
Wed Oct 16 22:43:01 2002


* Mini Mike (hemstock@tiscali.co.uk) wrote:
> Quick question:  Does anyone know if it is possible to stop an SSH server 
> giving out its public key?  The logic is that with the advent of USB flash 
> drives, one can add an extra layer of security by keeping the key away from 
> the public ensuring only the holder can communicate with the SSH server.
> 

I'd have thought, seeing as how the first of the esses in ssh is done
by public key cryptography, wouldn't it sorta defeat the object of
the exercise to stop it giving out a public key, and thereby perform
secure communications?

This is the same mechanism all the protocols that pretend to do a
secure channel communication do it.  It simply *can't* be done without
keys.  And by definition, it's safe to shout your public key from the
rooftops.  Heck, my PGP public key is on my website and the keyservers
for all to see.

Are you talking about at the authentication stage, when you present
data encrypted to the server for it to check your identity?  But even
then, the key to do the decoding is your (public) key in your home
directory.  You would, by definition be carrying around your private
key, which was used to encrypt the challenge packet.

Have I missed your point?

Cheers,

Dave.

-- 
Pieces of seven! Pieces of seven!
	Halt on critical fault:  Parroty error.
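
Added example, not part of the original message: the thread's point that a server's public key is safe to publish, shown from the client side, where a copy of the host key carried by the user (for instance on the USB drive mentioned above) is compared with the key a server offers. The host name, key bytes and helper names are constructed for illustration; the fingerprint format is the SHA256 one current OpenSSH prints.

```python
import base64
import hashlib
import hmac
import struct

def make_line(host, key_bytes):
    """Build a constructed known_hosts-style line: 'host ssh-ed25519 <base64 blob>'."""
    parts = (b"ssh-ed25519", key_bytes)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def parse_line(line):
    """Return (host, blob); reject a blob whose embedded type differs from the declared one."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return host, blob

def fingerprint(blob):
    """SHA256 fingerprint of the raw public key blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pinned_line, offered_line):
    """True only if the offered key is for the same host and is the pinned key."""
    pinned_host, pinned_blob = parse_line(pinned_line)
    offered_host, offered_blob = parse_line(offered_line)
    same_key = hmac.compare_digest(fingerprint(pinned_blob), fingerprint(offered_blob))
    return pinned_host == offered_host and same_key

# Constructed sample data: the copy the user carries, and a different key
# presented under the same host name.
PINNED = make_line("server.example", bytes(range(32)))
IMPOSTOR = make_line("server.example", bytes(32))

if __name__ == "__main__":
    print(fingerprint(parse_line(PINNED)[1]))
    print("genuine server accepted:", host_key_matches(PINNED, PINNED))
    print("impostor accepted:", host_key_matches(PINNED, IMPOSTOR))
```

The check depends on the client holding a trusted copy of the public key, not on the key being kept from anyone else.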