From owner-freebsd-arch Tue Oct 10 10:16:33 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id B986337B66E for ; Tue, 10 Oct 2000 10:16:25 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id NAA29399; Tue, 10 Oct 2000 13:14:45 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Tue, 10 Oct 2000 13:14:45 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Matt Dillon
Cc: Kris Kennaway, Terry Lambert, arch@FreeBSD.org, Poul-Henning Kamp, Warner Losh, Jeroen Ruigrok van der Werven
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: <200010101623.e9AGNwY13314@earth.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 10 Oct 2000, Matt Dillon wrote:

> :As I pointed out earlier, there needs to be a way for the administrator to
> :securely retrieve the SSH key so that they can log in securely. Otherwise
> :the whole point of using SSH is lost. If they just blindly accept the key
> :
> : Robert N M Watson
> :robert@fledge.watson.org http://www.watson.org/~robert/
>
> The public key you stick in your authorized_keys file is... well,
> public. You can retrieve it over an insecure network just fine and
> it doesn't really matter who sniffs it. A good sysop will change the
> key every month or two just to maintain control over leakage of the
> private key (since people need the private key to be able to ssh to
> the box being installed), but that's about it. It's a whole lot better
> than transferring an encrypted password file and distributing the plaintext
> root password to all the sysads (not to mention the fact that no sysad
> in their right mind enables plaintext password logins to root over
> a network).
I'm referring to the host public key, which is used by the client to
authenticate the connection to the server. If the client cannot retrieve it
in a secure manner, it cannot securely authenticate that it has connected to
the right host. Right now, in absence of any defined PKI for SSH, the
commonly accepted mechanism is to compare the a priori known host key
fingerprint with the one printed by the SSH client: if they are the same,
and the hostname being bound is the same, accept the key. In the current
install, that fingerprint does not become available until after the first
boot with SSH enabled.

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
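The host-key fingerprint check Robert describes, as an added example that is not part of the original thread or of any FreeBSD/OpenSSH code: it parses a one-line OpenSSH public key, derives both the colon-separated MD5 fingerprint that clients of the era printed and the modern `SHA256:` form, and compares the result with a fingerprint obtained out of band. The sample key is constructed from a fixed byte pattern and belongs to no real host.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(b: bytes) -> bytes:
    """Encode one SSH wire 'string' (RFC 4251): 4-byte big-endian length, then bytes."""
    return struct.pack(">I", len(b)) + b

def make_pubkey_line(point: bytes, comment: str) -> str:
    """Build a one-line OpenSSH public key for an ssh-ed25519 blob (constructed data,
    no real host behind it)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(point)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample host key: a 32-byte counting pattern stands in for the real point.
SAMPLE_POINT = bytes(range(32))
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(SAMPLE_POINT)
SAMPLE_HOST_KEY_LINE = make_pubkey_line(SAMPLE_POINT, "root@example-host")

def parse_pubkey_line(line: str) -> bytes:
    """Return the raw key blob from an OpenSSH public key line, checking that the
    key type declared in text matches the type embedded inside the blob."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != fields[0].encode():
        raise ValueError("key type in text does not match type inside blob")
    return blob

def fingerprint_md5(blob: bytes) -> str:
    """Legacy fingerprint as printed by ssh clients of the era: colon-separated MD5 hex."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())

def fingerprint_sha256(blob: bytes) -> str:
    """Modern OpenSSH fingerprint: 'SHA256:' plus unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line: str, expected_fp: str) -> bool:
    """Compare the fingerprint the client would show against the one known a priori.
    Accepts either fingerprint form and compares in constant time."""
    blob = parse_pubkey_line(line)
    if expected_fp.startswith("SHA256:"):
        got = fingerprint_sha256(blob)
    else:
        got = fingerprint_md5(blob)
        expected_fp = expected_fp.lower().replace("md5:", "")
    return hmac.compare_digest(got.encode(), expected_fp.encode())
```

A mismatch means the key presented is not the one recorded out of band, which is exactly the case a blind "accept the key" on first contact would silently let through.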