[GTALUG] Netgear 5-port Gigabit switch -- $10 ?
James Knott
james.knott at rogers.com
Sun Mar 27 22:56:00 UTC 2016
On 03/27/2016 10:31 PM, D. Hugh Redelmeier wrote:
> SSH does a few things for authentication.
>
> SSH hosts have keys. An SSH client warns the user if a host's key has
> changed since the last time they talked. This puts little burden on
> the user and yet gives some security. But it won't detect a
> man-in-the-middle that was there from first contact.
>
> Users can authenticate with a client via passwords or via a public
> key. Both require out-of-band installation of credentials.
>
> I think that the password will travel over the wire when authenticating, but
> encrypted. But a spoofing server could collect passwords.
>
> With a public key system (like RSA), only a signature goes over the
> wire. So a spoofing server could not collect the key. Things get a
> little more intricate when you use ssh-agent for forwarding authentication.
I thought ssh used a public/private key system, at least when used
passwordless. I have to generate a public/private key pair and place
the public key on the servers I connect to and keep the private key on
my computer. Also, Cisco gear supports ssh with RSA keys.
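
Added example, not part of the original message and not OpenSSH's code: a Python model of the host-key check described in the quoted text, showing that a changed key is flagged while any key offered on first contact looks the same unless its fingerprint was obtained out of band. The host names, keys, function names and the `expected_fp` parameter are constructed for illustration.

```python
import base64, hashlib, struct

def make_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 public-key blob (wire format), base64-encoded."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> blob for plain known_hosts lines."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed hostnames (|1|...) and @markers.
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        for host in fields[0].split(","):
            known[(host, fields[1])] = fields[2]
    return known

def check_host_key(known, host, keytype, offered, expected_fp=None):
    """Classify an offered host key the way a trust-on-first-use client would."""
    stored = known.get((host, keytype))
    if stored is not None:
        same = base64.b64decode(stored) == base64.b64decode(offered)
        return "match" if same else "changed"
    if expected_fp is None:
        return "first-contact"  # nothing stored, nothing to compare against
    # Fingerprint obtained out of band closes the first-contact gap.
    return "verified" if fingerprint(offered) == expected_fp else "mismatch"

# Constructed sample data: host names and keys are made up for this example.
REAL, ROGUE = make_blob(b"real server"), make_blob(b"spoofing server")
KNOWN = parse_known_hosts(
    f"# constructed file\nswitch.example,192.0.2.10 ssh-ed25519 {REAL}\n")

if __name__ == "__main__":
    for host, key in [("switch.example", REAL), ("switch.example", ROGUE),
                      ("new.example", REAL), ("new.example", ROGUE)]:
        print(host, fingerprint(key),
              check_host_key(KNOWN, host, "ssh-ed25519", key))
    print(check_host_key(KNOWN, "new.example", "ssh-ed25519", ROGUE,
                         fingerprint(REAL)))
```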