[OT] ssh security

Angelin Lalev lalev.angelin at gmail.com
Sun Mar 7 21:25:06 UTC 2010


I'm doing some research into ssh and its underlying cryptographic
methods and I have questions. I don't know whom else to ask and humbly
ask for forgiveness if I'm way OT.

So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange.
These algorithms can defeat any attempts on eavesdropping, but cannot
defeat man-in-the-middle attacks. To defeat them, some pre-shared
information is needed - key fingerprint.

If hypothetically someone uses instead of the plain text
authentication some challenge-response scheme, based on user's
password or even a hash of user's password would ssh be able to avoid
the need the user to have key fingerprints of the server prior the
first connection?

More information about the freebsd-questions mailing list