From owner-freebsd-security Tue Jun 29 9: 7:27 1999
Delivered-To: freebsd-security@freebsd.org
Received: from phoenix (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id BECFF1529A for ; Tue, 29 Jun 1999 09:07:22 -0700 (PDT) (envelope-from barrett@phoenix.aye.net)
Received: (qmail 7024 invoked by uid 1000); 29 Jun 1999 16:05:22 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 29 Jun 1999 16:05:22 -0000
Date: Tue, 29 Jun 1999 12:05:22 -0400 (EDT)
From: Barrett Richardson
To: "Vladimir Mencl, MK, susSED"
Cc: security@FreeBSD.ORG
Subject: Re: ssh from windows
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 29 Jun 1999, Vladimir Mencl, MK, susSED wrote:

> > Oh. The client encrypts it with the public key sent by the server - but
> > the server's private key isn't passphrase protected (it is, however,
> > readable only by root -- unless you change it).
>
> I'm afraid you are wrong. The RSA keys stored on disk are used for
> host authentication only. Passwords (and all other session data) are
> encrypted by a ``session key'', which is generated every (?3?) hours,
> and is not stored anywhere. And is not bound to RSA, the session
> encryption uses other encryption algorithms (with not that much
> overhead). Like blowfish, idea ... and I think, it generally uses
> shorter keys.
>

Well, I haven't actually studied the code -- but, if RSA authentication
fails, there is no way the server can securely send a session key back to
the client -- nor can the client securely send it to the server without
RSA. The client can, however, use the server's public key to seal the
password or session key in an RSA envelope in a secure manner and send it
to the server.

To answer the original poster's question, if the server's public key is
not used to create an RSA envelope, then yes, a password (or session key)
is transmitted in clear text -- and I was indeed wrong. But ... the man
page says that no password information is transmitted in the clear and the
aforementioned use of the server's public key is the only way that can be
accomplished.

-- Barrett
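
The RSA envelope described in the message above, as an added example that is not part of the original post and is not code from any ssh implementation: the client seals a random session key under the server's public key and sends the password encrypted under that session key. The toy key (two constructed Mersenne primes, unpadded RSA), the SHA-256 keystream standing in for the session cipher, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA key pair (assumption: two Mersenne primes, far too
# small for real use, and no padding). Only (N, E) is known to the client.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the server
N_BYTES = (N.bit_length() + 7) // 8


def keystream_xor(key, data):
    """Stand-in session cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def client_send(password, n, e):
    """Client: pick a session key, seal it under the server's public key,
    then encrypt the password under the session key."""
    session_key = secrets.token_bytes(16)
    envelope = pow(int.from_bytes(session_key, "big"), e, n)
    return envelope, keystream_xor(session_key, password)


def server_receive(envelope, sealed_password, d, n):
    """Server: open the envelope with the private exponent, then decrypt."""
    opened = pow(envelope, d, n).to_bytes(N_BYTES, "big")
    return keystream_xor(opened[-16:], sealed_password)


def demo():
    password = b"constructed-sample-password"
    envelope, sealed = client_send(password, N, E)
    # Everything a passive observer on the wire would capture.
    wire = envelope.to_bytes(N_BYTES, "big") + sealed
    recovered = server_receive(envelope, sealed, D, N)
    # Without the right private exponent the envelope opens to a wrong key.
    wrong = server_receive(envelope, sealed, D + 2, N)
    return password, wire, recovered, wrong


if __name__ == "__main__":
    pw, wire, recovered, wrong = demo()
    print("on the wire:", wire.hex())
    print("server recovers password:", recovered == pw)
    print("wrong private key recovers password:", wrong == pw)
```
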