[OT] ssh security
Angelin Lalev
lalev.angelin at gmail.com
Sun Mar 7 21:29:00 UTC 2010
On Sun, Mar 7, 2010 at 11:25 PM, Angelin Lalev <lalev.angelin at gmail.com> wrote:
> Greetings,
>
> I'm doing some research into ssh and its underlying cryptographic
> methods and I have questions. I don't know whom else to ask and humbly
> ask for forgiveness if I'm way OT.
>
> So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange.
> These algorithms can defeat any attempts on eavesdropping, but cannot
> defeat man-in-the-middle attacks. To defeat them, some pre-shared
> information is needed - key fingerprint.
>
> If hypothetically someone uses instead of the plain text
> authentication some challenge-response scheme, based on user's
> password or even a hash of user's password would ssh be able to avoid
> the need the user to have key fingerprints of the server prior the
> first connection?
>
To clarify, we as users anyway do have shared secret with the server
and that's the authentication password why we could not use that
instead of or in addition to a key fingerprint?
More information about the freebsd-questions
mailing list