Date: Sun, 7 Mar 2010 23:25:04 +0200 From: Angelin Lalev <lalev.angelin@gmail.com> To: freebsd-questions@freebsd.org Subject: [OT] ssh security Message-ID: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Greetings, I'm doing some research into ssh and its underlying cryptographic methods and I have questions. I don't know whom else to ask and humbly ask for forgiveness if I'm way OT. So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. These algorithms can defeat any attempts on eavesdropping, but cannot defeat man-in-the-middle attacks. To defeat them, some pre-shared information is needed - key fingerprint. If hypothetically someone uses instead of the plain text authentication some challenge-response scheme, based on user's password or even a hash of user's password would ssh be able to avoid the need the user to have key fingerprints of the server prior the first connection?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?532b03711003071325j9ab3c98u703b31abdc7ea8fe>