| gabriel rosenkoetter on Sun, 11 Aug 2002 06:50:07 +0200 |
|
On Sun, Aug 11, 2002 at 03:05:53AM +0200, Jeff Abrahamson wrote: > Same reason I have different passwords on different hosts, just seems > prudent. Maybe I'm being foolishly paranoid. You're being foolishly paranoid. An ssh key pair is NOT the same thing as a password in any sense *except* that it authenticates you to the host. It's a whole separate schema of cryptography. Cryptography is, in general, good for precisely two things: privacy and authentication. We're not interested in the privacy part here: you get that to the same extent under the SECSH protocol no matter what you use for authentication. (And, in any case, neither your unix password nor your SSH key pair is used for the encryption of the data stream under any circumstances; doing that would be a hole in the protocol anyone with half a clue could drive a Mack truck through.) We're interested strictly in authentication. Think about what happens when you connect to a host: A. You perform a TCP handshake with an SSH daemon on the host. The the hosts exchange keys to establish an enciphered stream. Then the daemon asks you for a username, which you provide. The authentication methods fall through to password, it asks you, you provide your shared secret, it hashes your secret with the salt stored in its password database. If the hashed version of your shared secret matches what's in its database, it believes you are who you say you are, and allows you to login. B. Before any connection is made, your SSH client asks you for a passphrase, which it verifies unlucks you private key. Then it makes the TCP connection, establishes the enciphered stream, and you're asked for a username. You enter your username and, since you've got a valid private key unlocked, your client attempts to use it for authentication. I don't recall the details of the SSH key pair authentication protocol, but it's some permutation of this: 1. The remote host generates a random number and sends it to you through the enciphered stream. 2. Your host enciphers that number with *your* private key, and sends it back to the remote host. 3. The remote host deciphers that packet with your public key. This process proves that you are who you say you are because of how public/private key systems work. When you generate a key pair, there isn't any real functional difference between the two keys. You merely choose one of them as a private key and one as a public key. Anything enciphered with one key can *only* be deciphered with the other key. So, to send something to you privately, we take your public key (which, under PGP, which uses a similar key infrastructure, we can get from a key server), encipher our message with it, and then the message can *only* be deciphered by you. To prove that something was really sent by you, you encipher the message with your private key. Anyone in the world can decipher that message (because they can get your public key), but that's fine; that's precisely the point. So, the point of using PKI for SSH authentication is that at no point does a shared secret traverse the wire. In fact, there *is* no shared secret. You have a passphrase that permits you access to your private key, but that happens entirely in memory on your local machine. The authentication happens over the enciphered stream between the two hosts, so all messages to the remote host are enciphered with its public key, and all messages from it are deciphered with your host's private key. That's totally orthogonal to any use of *your* key pair, and it's happening no matter the authentication method. All someone who got access to your public key could do with it is allow you access to *another* host they had control over; it would not allow them access as you even to the host where they found it, much less to any other host where it's stored. The only thing that would allow them that access is your *private* key. But that only exists on your workstation (I hope), so there's no worry of that. So, you need generate only one key pair. Never put the private key anywhere except your workstation (or, ideally, keep it on removable media and on your person whenever you're not actually *using* the data; remember to ssh-add -d it when you get up from your workstation). Put the public key everywhere. Make it world readable (though never world writeable!). Post it on your web site. Spam it all over Usenet. Doesn't matter; it doesn't buy anyone but *you* access to anything. > I'd be interested in opinions on that. It's not opinion, it's mathematical fact. :^> -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgpELdR20sM0W.pgp
|
|