From owner-freebsd-questions Thu Jan 1 20:01:14 1998
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.7/8.8.7) id UAA03705
        for questions-outgoing; Thu, 1 Jan 1998 20:01:14 -0800 (PST)
        (envelope-from owner-freebsd-questions)
Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1])
        by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id UAA03698
        for ; Thu, 1 Jan 1998 20:01:08 -0800 (PST)
        (envelope-from brian@awfulhak.org)
Received: from gate.lan.awfulhak.org (localhost [127.0.0.1])
        by awfulhak.demon.co.uk (8.8.7/8.8.7) with ESMTP id XAA01930;
        Thu, 1 Jan 1998 23:57:38 GMT
        (envelope-from brian@gate.lan.awfulhak.org)
Message-Id: <199801012357.XAA01930@awfulhak.demon.co.uk>
X-Mailer: exmh version 2.0.1 12/23/97
To: Jay Nelson
cc: Steve Hovey , questions@freebsd.org
Subject: Re: ssh trust (was Re: HACKED (again))
In-reply-to: Your message of "Thu, 01 Jan 1998 12:29:52 CST."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 01 Jan 1998 23:57:37 +0000
From: Brian Somers
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> On Thu, 1 Jan 1998, Steve Hovey wrote:
>
> >
> > I personally don't trust ssh - I have no other reason not to trust it than
> > that I suffered a root incursion once shortly after installing it - since
> > it was the last thing in, I did not reinstall it when I rebuilt the
> > system.
>
> When we installed ssh, we tested and checked against a dump. Normal
> telnet login sends the password 1 character per packet -- fairly easy
> to pick out of a dump. Ssh, though, collects the entire password,
> encrypts it and sends one packet. If we weren't using a target machine
> with no other activity, we would likely have missed it.

Errrum, that's not true AFAIK.
Ssh's authentication is challenge based - it goes something like this:
The server sends some random data, the client encrypts it using his
private key, his machine's private key and the server's public key and
sends the answer to the server. The server decrypts it using its
private key, the client machine's public key and the client's public
key, then compares it against the original. Someone watching the
conversation will be none the wiser. I'm sure it's more complicated
than this too :-)

> -- Jay
>

--
Brian , ,
Don't _EVER_ lose your sense of humour....
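
The challenge-response idea described in the reply above, as an added example that is not part of the original message and is not the SSH protocol itself: the server sends fresh random data, the client proves it holds a private key, and a captured answer is useless for a later login. It assumes a textbook RSA signature over a constructed toy key, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes, textbook RSA without padding.
# For illustration only; real SSH keys and message formats are different.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key, known to the server
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the client


def digest(challenge: bytes) -> int:
    """Hash the challenge to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big")


def server_challenge() -> bytes:
    """Server side: fresh random data for every login attempt."""
    return secrets.token_bytes(32)


def client_response(challenge: bytes, private_exp: int = D) -> int:
    """Client side: prove possession of the private key by signing."""
    return pow(digest(challenge), private_exp, N)


def server_verify(challenge: bytes, response: int) -> bool:
    """Server side: check the response using only the public key."""
    return pow(response, E, N) == digest(challenge)


def login() -> tuple[bytes, int, bool]:
    """One full exchange: what a sniffer would see, plus the verdict."""
    challenge = server_challenge()
    response = client_response(challenge)
    return challenge, response, server_verify(challenge, response)


if __name__ == "__main__":
    seen_challenge, seen_response, ok = login()
    print("legitimate login accepted:", ok)
    # A sniffer replays the captured response against a new challenge.
    replayed = server_verify(server_challenge(), seen_response)
    print("replayed response accepted:", replayed)
```

Only the challenge and the response cross the wire; no password or private key is present in a packet dump, and the response is bound to that one challenge.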