From owner-freebsd-questions Wed Mar 18 14:50:12 1998
Date: Wed, 18 Mar 1998 16:46:32 -0600
From: keyser@clio.rice.edu (Kevin Keyser)
Message-Id: <9803182246.AA14409@clio.rice.edu>
To: J.G.E.Backus@urc.tue.nl
Subject: Re: ssh and scp
Cc: questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG

Jos Backus wrote:
> On Wed, Mar 18, 1998 at 11:44:01AM +0000, Martijn Koster wrote:
> > > What prevents somebody from storing my public key in his ~/.ssh/identity.pub
> > > and logging into server as me?
> >
> > The fact that only _you_ have your private key (~/.ssh/identity), with
> > which you essentially prove the corresponding public key is yours.
>
> OK, this check is what I was missing in this picture. I wonder how this
> verification process works, though. If I have a person's public key, how can
> this person (using his private key) prove to me that it indeed is his?

Suppose you pick some plaintext, encrypt it with my public key and send it
to me. If I can then tell you what the plaintext is, then I must be the
holder of the corresponding secret key.

Kevin
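
The challenge-response exchange described in the reply above, as an added example (not code from the thread or from ssh). It assumes a constructed toy RSA key and unpadded textbook RSA, and the names `Verifier`, `prove` and `digest` are hypothetical. It goes one step beyond the message: the prover answers with a hash of the recovered plaintext bound to a session identifier, so it never hands back raw decryptions of ciphertexts someone else chose.

```python
import hashlib
import hmac
import secrets

# Constructed toy key: two Mersenne primes, far too small and too structured
# for real use. Textbook RSA without padding, for illustration only.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the prover


def digest(challenge: int, session_id: bytes) -> bytes:
    """Bind the recovered plaintext to one session before revealing anything."""
    return hashlib.sha256(challenge.to_bytes(32, "big") + session_id).digest()


class Verifier:
    """Holds only the public key (n, e) of the person being checked."""

    def __init__(self, n: int, e: int):
        self.n, self.e = n, e
        self.session_id = secrets.token_bytes(16)
        self._challenge = None

    def make_challenge(self) -> int:
        # Fresh random plaintext each time, so an old answer cannot be replayed.
        self._challenge = secrets.randbits(128)
        return pow(self._challenge, self.e, self.n)

    def check(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = digest(self._challenge, self.session_id)
        self._challenge = None  # one attempt per challenge
        return hmac.compare_digest(expected, response)


def prove(ciphertext: int, d: int, n: int, session_id: bytes) -> bytes:
    """Prover: decrypt with the private exponent, answer with a hash."""
    return digest(pow(ciphertext, d, n), session_id)
```

Copying someone's public key into your own `identity.pub` gives you only `(N, E)`; without `D` the response to a fresh challenge cannot be computed.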