[OT] ssh security
lalev.angelin at gmail.com
Sun Mar 7 21:29:00 UTC 2010
On Sun, Mar 7, 2010 at 11:25 PM, Angelin Lalev <lalev.angelin at gmail.com> wrote:
> I'm doing some research into ssh and its underlying cryptographic
> methods and I have questions. I don't know whom else to ask and humbly
> ask for forgiveness if I'm way OT.
> So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange.
> These algorithms can defeat any attempts on eavesdropping, but cannot
> defeat man-in-the-middle attacks. To defeat them, some pre-shared
> information is needed - key fingerprint.
> If hypothetically someone uses instead of the plain text
> authentication some challenge-response scheme, based on user's
> password or even a hash of user's password would ssh be able to avoid
> the need the user to have key fingerprints of the server prior the
> first connection?
To clarify, we as users anyway do have shared secret with the server
and that's the authentication password why we could not use that
instead of or in addition to a key fingerprint?
More information about the freebsd-questions