[Sderby] SSH

Mini Mike sderby at mailman.lug.org.uk
Wed Oct 16 23:18:09 2002


The way I understand it, when you connect to an SSH server, it passes you the
public key to encrypt the information you send to it.  You can then log onto
the server securely.  I was thinking of opening port 22 on my server, so that
I can SSH in from the internet.  If I have 22 open, it means that people can
play the password guessing game.  Given that they don't know the userID, it
will be reasonably secure, but I am thinking that if you stop the public key
from being given out and manually carry it on a USB flash drive, it means
that only the carrier of the drive can access the server, adding more
security.

Mike.

On Wednesday 16 October 2002 21:42, David Jolley wrote:
> * Mini Mike (hemstock@tiscali.co.uk) wrote:
> > Quick question:  Does anyone know if it is possible to stop an SSH server
> > giving out its public key?  The logic is that with the advent of USB
> > flash drives, one can add an extra layer of security by keeping the key
> > away from the public, ensuring only the holder can communicate with the
> > SSH server.
>
> I'd have thought, seeing as how the first of the esses in ssh is done
> by public key cryptography, wouldn't it sorta defeat the object of
> the exercise to stop it giving out a public key, and thereby perform
> secure communications?
>
> This is the same mechanism that all the protocols that pretend to do
> secure channel communication use.  It simply *can't* be done without
> keys.  And by definition, it's safe to shout your public key from the
> rooftops.  Heck, my PGP public key is on my website and the keyservers
> for all to see.
>
> Are you talking about at the authentication stage, when you present
> data encrypted to the server for it to check your identity?  But even
> then, the key to do the decoding is your (public) key in your home
> directory.  You would, by definition be carrying around your private
> key, which was used to encrypt the challenge packet.
>
> Have I missed your point?
>
> Cheers,
>
> Dave.
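Added example, not part of the original thread: the "only the holder of the key on the USB stick can get in" property Mike is after is obtained on the client side, by giving sshd only public keys (`authorized_keys`) and switching password logins off, while the server's host key stays public as Dave says. What actually decides whether an open port 22 invites the password guessing game is a handful of sshd_config keywords, and OpenSSH applies them with two rules that are easy to get wrong: for each keyword the first value in the file wins, and anything below a `Match` line applies only conditionally. The script below audits a config for those settings; the two configs and the default values it assumes are constructed for this example, not taken from the thread.

```python
"""Audit an sshd_config for the settings that decide whether an exposed port 22
still allows password guessing.  Example code; the sample configs below are
constructed and the defaults are stated as assumptions."""
import re

# Assumed OpenSSH defaults for the keywords that matter here (sshd_config(5)).
# Older releases spell KbdInteractiveAuthentication as
# ChallengeResponseAuthentication; both are handled below.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}


def parse_global(text):
    """Return ({keyword: value}, has_match) for the unconditional part of a config.

    Keywords are case-insensitive, "Key value" and "Key=value" are both accepted,
    the FIRST occurrence of a keyword wins, and parsing stops at the first
    'Match' line because everything after it applies only to matching users/hosts.
    """
    settings = {}
    has_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            has_match = True
            break
        settings.setdefault(key, value)  # first value wins, as in sshd
    return settings, has_match


def effective(settings, key):
    """Value sshd would use: explicit setting, else the assumed default."""
    return settings.get(key, DEFAULTS.get(key, "")).lower()


def audit(text):
    """Return a list of findings (empty list = key-holder-only login)."""
    settings, has_match = parse_global(text)
    findings = []
    if effective(settings, "passwordauthentication") != "no":
        findings.append("PasswordAuthentication is effectively yes: anyone who can "
                        "reach port 22 can guess passwords")
    # keyboard-interactive (usually PAM) can still prompt for the account password
    kbd = settings.get("kbdinteractiveauthentication",
                       settings.get("challengeresponseauthentication",
                                    DEFAULTS["kbdinteractiveauthentication"]))
    if kbd.lower() != "no":
        findings.append("KbdInteractive/ChallengeResponse authentication is effectively "
                        "yes: PAM can still ask for a password")
    if effective(settings, "pubkeyauthentication") == "no":
        findings.append("PubkeyAuthentication is no: the key-holder-only model cannot work")
    if settings.get("permitrootlogin", "").lower() == "yes":
        findings.append("PermitRootLogin yes: the one username every attacker already "
                        "knows is allowed")
    if has_match:
        findings.append("note: Match block(s) present; overrides below them are not audited here")
    return findings


# Constructed sample 1: a stock-looking config.  The one line that would have
# helped is commented out, so the default (password auth on) applies.
WEAK = """
Port 22
PermitRootLogin yes
#PasswordAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Constructed sample 2: only holders of a listed public key can log in.  The
# trailing Match block re-enables passwords for one user, which is exactly the
# kind of override a global-only check must at least warn about.
HARDENED = """
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or ["ok"])
```

The private key that goes on the flash drive is the client's, generated with `ssh-keygen` and never copied to the server; its public half is what lands in `~/.ssh/authorized_keys`. Protecting that private key with a passphrase keeps a lost drive from being a ready-made login.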