[Sderby] SSH

David Jolley sderby at mailman.lug.org.uk
Thu Oct 17 00:32:01 2002


* Mini Mike (hemstock@tiscali.co.uk) wrote:
> The way I understand it, when you connect to an SSH server, it
> passes you the public key to encrypt the information you send to it.
> You can then log onto the server securely.  I was thinking of opening
> port 22 on my server, so that I can SSH in from the internet.  If I
> have 22 open, it means that people can play the password guessing
> game.

In essence, yes.  For these scenarios of high-paranoia, ssh has other
methods of authentication.  Only the login/password authentication
method is insecure in the fashion you describe.  The most secure form
of authentication is the public key method, where (after the secure
channel is set up using SSL) the server and client perform key-based
authentication, where the ssh server requires the user to perform a
decrypt operation on data that it has encrypted using the public key
in the home directory of the user that's having an attempted logon.
This means that you, as the correct user, have the private key that
matches the public key in your home directory, and you can decrypt the
packet; the server allows you to log on.  If you haven't got the
private key matching the public key in the home directory of the user
you're trying to log on as, then you'll never[1] be able to decrypt
the packet the server has sent.  Even if you do manage to successfully
crack it, the chances are that the SSH server has given up waiting for
you to send something back, and the next time you try to log in, it'll
send you a different thing to decrypt.

So, basically, yes, user/password logons are insecure.  The SSH people
have thought about this and offer a secure alternative.

> Given that they don't know the userID, it will be reasonably secure,
> but I am thinking that if you stop the public key from being given
> out and manually carry it on a USB flash drive.  It means that only
> the carrier of the drive can access the server, adding more
> security.
> 

Security through obscurity is no security at all.  Quite right.
However, I think you've slightly misunderstood the mechanism used for
the security that SSH gives.  Public keys are, by definition, public.
They are available to all.  The only key you guard with your life is
your private key.  If you were to switch on the public key
authentication (which is on by default anyway) and turn off password
authentication (which is on by default too) then you'd be required to
carry around your private key to decrypt the challenge packet that the
server sends you.  This is about as secure as it gets, and I think is
the mechanism that you were thinking of.

Cheers

Dave.

[1] well, it's cryptographically hard, not impossible, so never is a
bit strong, but certainly a long, long time.  You did generate a
1024-bit or larger private key, didn't you?

-- 
Pieces of seven! Pieces of seven!
	Halt on critical fault:  Parroty error.
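
The setup recommended in the reply above (public key authentication on, password authentication off), as an added example that is not part of the original post: a check of the global section of an sshd_config for settings that still allow password logins. The sample configurations are constructed, the function names are hypothetical, and the keyboard-interactive check and its default are assumptions based on current OpenSSH that go beyond what the post covers.

```python
# Added example, not from the original post. Defaults for the first two
# keywords follow the post; the keyboard-interactive default is an assumption
# based on current OpenSSH.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Older spelling of the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return the effective yes/no values from the global section."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # per-user/host overrides are out of scope here
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].lower()  # sshd keeps the first value it reads
    return {**DEFAULTS, **seen}

def audit(config_text):
    """List the settings that still allow password guessing on port 22."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication on: passwords can be guessed")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive on: PAM may still ask for a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication off: key logins will fail")
    return findings

# Constructed sample configurations.
STOCK = "Port 22\n#PasswordAuthentication yes\n"
KEYS_ONLY = (
    "PubkeyAuthentication yes\n"
    "PasswordAuthentication no\n"
    "ChallengeResponseAuthentication no\n"
    "PasswordAuthentication yes   # ignored: an earlier line already set it\n"
)

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("keys-only", KEYS_ONLY)):
        print(name, audit(text) or "password logins are off")
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parsed it and is the authoritative check.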