From: Sergey Vlasov <vsu@mivlgu.murom.ru>
To: mandrake-russian@altlinux.ru
Subject: Re: [mdk-re] SSHd
Date: Fri Aug 24 18:55:06 2001
Message-ID: <20010824175400.6f573bd2.vsu@mivlgu.murom.ru> (raw)
In-Reply-To: <33445442352.20010822231400@smena.ru>
On Wed, 22 Aug 2001 23:14:00 -0700
Al Nikolov <al@smena.ru> wrote:
> AN> Никак не получается логиниться на SSHd с помощью ключей. В манах
> AN> белиберда какая-то, в /etc/openssh зачем-то каталоги
> AN> authorized_keys...
>
> Сам разобрался. Беда была с PuTTY.
>
> Однако, кто-нибудь понимает смысл таких слов из его фака?
>
> Question: Does PuTTY support the SSH 2 protocol?
> Answer: Yes, as of version 0.50. Upgrade now!
> Public key authentication in SSH 2 is not supported, for security reasons
>
>
> Какой такой резон?
Так на странице же как раз на security reasons ссылка болтается:
* Creating a DSA signature requires a 160-bit random number k. This is
used in computing the signature itself, and then discarded.
* However, if k were to be accidentally made known to the recipient
along with the public key, the signature, and the hash of the message,
then they would have enough information to deduce the private key -
completely compromising the key and allowing the attacker to forge any
number of signatures with it.
* Furthermore, if k is not actually known to the attacker but the
random number generation is weak enough to make it guessable in feasibly
many attempts, then the signature also contains enough information to let
the attacker know when he has guessed the correct k - and then the key is
compromised as before.
* Therefore, a DSA signature should never be created on a platform
with less than perfect random number generation. PuTTY's random numbers
are as good as I know how to make them, and I welcome improvements, but I
don't think they're good enough to trust the security of an authentication
key to.
Кстати, в новых development-версиях PuTTY вроде бы появилась поддержка
ключей RSA для SSH2.
prev parent reply other threads:[~2001-08-24 18:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-22 22:48 Al Nikolov
2001-08-22 23:15 ` Al Nikolov
2001-08-23 14:27 ` Dmitry V. Levin
2001-08-23 20:13 ` Re[2]: " Al Nikolov
2001-08-23 21:48 ` Dmitry V. Levin
2001-08-24 18:55 ` Sergey Vlasov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010824175400.6f573bd2.vsu@mivlgu.murom.ru \
--to=vsu@mivlgu.murom.ru \
--cc=mandrake-russian@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git