
Re: SSH with pre-shared key *and* password authentication. How



I'm no expert on cryptography... so if I'm saying something incorrectly,
please chime in.

I think you are confusing some different concepts.

A pre-shared key is generally used in symmetric cryptography.  If I hand
you an index card that says "-4" on it and then later send you a message
that says "10", you would know that the intended number is "6" because we
"pre-shared" the key.

SSH uses asymmetric (or public-key) cryptography.  You and a server each
have a private key (that you send to no one) and a public key (that you
send to anyone).  This allows you to both encrypt/decrypt messages, and
also verify the source.

Your login and password are a different layer of protection.  If an
attacker already knows your login and password, your server will gladly
create a secure channel with the attacker's machine and allow them access.
You can protect yourself from this by only allowing your server to
communicate via SSH with certain hosts (see: hosts.allow/hosts.deny).

I don't really know of any SSH primers (besides the Wikipedia page, which
I'm sure you've already read).  I recommend getting your hands dirty.  Try
tunneling an X11 connection between two machines.

If you are interested in learning more about cryptography in general, this
article is decent:

http://www.ibm.com/developerworks/library/s-crypt01.html

Also, if you are around STL I'd be happy to lend you my textbook from the
Client/Server Relationships course I took.  I can drop it off at The
Computer Room for you or bring it to the next meeting.

Good luck!

-Jason


> Ok, so I've been talking to Zach a lot lately, and he's got me all
> paranoid about running ssh.
>
> I know how to set up the really basic stuff... like... enabling the
> server, but past that, I don't really know how to do anything useful.
> I'd really like to read up on the different authentication methods and
> all of that, but there's so much going on, I don't really know where
> to start.
>
> My main goal is to set up my ssh server so that it requires a client to
> have a username, a password, and a pre-shared key... just to add
> another layer of security. While I'm sure no one really cares enough
> to spend the time brute-forcing my password, I do think it would be
> fairly useful knowledge to have.
>
> Could anyone point me to any particularly good documentation, or
> recommend a book on the subject?
> Also, I am perfectly aware that there is a lot of good information in
> the man pages for openssh, but what I'm really looking for is a primer
> on the whole subject, because I don't even understand half of the
> terms that get thrown around.
>
> -- kyle
>
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
>
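
Added example, not part of either message above: on OpenSSH 6.2 and later, the sshd_config keyword AuthenticationMethods can require a public key and a password together. The Python check below uses function names and sample configs constructed for illustration, reads only the global section of a config (everything before the first Match block), and counts only the "password" method as the password factor.

```python
# Added example: does this sshd_config demand a key AND a password?
# Scope (assumption): global section only, parsing stops at the first Match block.

def effective_global(config_text):
    """Return {keyword: [args]}; sshd keeps the first value it sees per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() == "match":
            break
        seen.setdefault(parts[0].lower(), parts[1:])
    return seen

def requires_key_and_password(config_text):
    cfg = effective_global(config_text)
    # Both methods default to enabled; either one switched off fails the check.
    for switch in ("pubkeyauthentication", "passwordauthentication"):
        if (cfg.get(switch) or ["yes"])[0].lower() != "yes":
            return False
    # Whitespace separates alternative lists; a client needs to finish only one
    # of them, so every list must contain both methods. The default is "any".
    for method_list in cfg.get("authenticationmethods") or ["any"]:
        methods = {m.split(":", 1)[0] for m in method_list.lower().split(",")}
        if not {"publickey", "password"} <= methods:
            return False
    return True

# Constructed sample configs.
WEAK = """
PubkeyAuthentication yes
PasswordAuthentication yes
"""
HARDENED = """
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
"""
LOOPHOLE = """
# the second list admits a client that only has the key
AuthenticationMethods publickey,password publickey
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED), ("LOOPHOLE", LOOPHOLE)):
        print(name, requires_key_and_password(text))
```

On a live server, `sshd -T` prints the effective configuration, including values set by included files, and is a better input for this check than the raw file.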


