ALT Linux Community general discussions
* [mdk-re] SSHd
@ 2001-08-22 22:48 Al Nikolov
  2001-08-22 23:15 ` Al Nikolov
  0 siblings, 1 reply; 6+ messages in thread
From: Al Nikolov @ 2001-08-22 22:48 UTC (permalink / raw)
  To: mandrake-russian

I just can't manage to log in to SSHd using keys. The man pages are
some kind of gibberish, and for some reason there are authorized_keys
directories in /etc/openssh...

This is what I'm trying:

sshd.conf ---->
Protocol 2
PasswordAuthentication no
---->


/home/al/.ssh/authorized_keys2 ---->
ssh-rsa xxxxxxxxxxxxxxxxxxxxxx al@smena.ru
---->



The daemon asks for a password and refuses everything.




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [mdk-re] SSHd
  2001-08-22 22:48 [mdk-re] SSHd Al Nikolov
@ 2001-08-22 23:15 ` Al Nikolov
  2001-08-23 14:27   ` Dmitry V. Levin
  2001-08-24 18:55   ` Sergey Vlasov
  0 siblings, 2 replies; 6+ messages in thread
From: Al Nikolov @ 2001-08-22 23:15 UTC (permalink / raw)
  To: Al Nikolov

AN> I just can't manage to log in to SSHd using keys. The man pages are
AN> some kind of gibberish, and for some reason there are authorized_keys
AN> directories in /etc/openssh...

Figured it out myself. The problem was with PuTTY.

However, does anyone understand the meaning of these words from its FAQ?

Question: Does PuTTY support the SSH 2 protocol?
Answer: Yes, as of version 0.50. Upgrade now! 
Public key authentication in SSH 2 is not supported, for security reasons


What reason would that be?




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [mdk-re] SSHd
  2001-08-22 23:15 ` Al Nikolov
@ 2001-08-23 14:27   ` Dmitry V. Levin
  2001-08-23 20:13     ` Re[2]: " Al Nikolov
  2001-08-24 18:55   ` Sergey Vlasov
  1 sibling, 1 reply; 6+ messages in thread
From: Dmitry V. Levin @ 2001-08-23 14:27 UTC (permalink / raw)
  To: ALT Linux Spring mailing list

On Wed, Aug 22, 2001 at 11:14:00PM -0700, Al Nikolov wrote:
> However, does anyone understand the meaning of these words from its FAQ?
> 
> Question: Does PuTTY support the SSH 2 protocol?
> Answer: Yes, as of version 0.50. Upgrade now! 
> Public key authentication in SSH 2 is not supported, for security reasons

That's nonsense. From a security standpoint, PubkeyAuthentication
is preferable to PasswordAuthentication.


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re[2]: [mdk-re] SSHd
  2001-08-23 14:27   ` Dmitry V. Levin
@ 2001-08-23 20:13     ` Al Nikolov
  2001-08-23 21:48       ` Dmitry V. Levin
  0 siblings, 1 reply; 6+ messages in thread
From: Al Nikolov @ 2001-08-23 20:13 UTC (permalink / raw)
  To: Dmitry V. Levin

>> Question: Does PuTTY support the SSH 2 protocol?
>> Answer: Yes, as of version 0.50. Upgrade now! 
>> Public key authentication in SSH 2 is not supported, for security reasons

DVL> That's nonsense. From a security standpoint, PubkeyAuthentication
DVL> is preferable to PasswordAuthentication.

Well, yes. Evidently this is about key authentication in combination
specifically with SSH 2. But I haven't found any trace of a hole anywhere.




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [mdk-re] SSHd
  2001-08-23 20:13     ` Re[2]: " Al Nikolov
@ 2001-08-23 21:48       ` Dmitry V. Levin
  0 siblings, 0 replies; 6+ messages in thread
From: Dmitry V. Levin @ 2001-08-23 21:48 UTC (permalink / raw)
  To: ALT Linux Spring mailing list

On Thu, Aug 23, 2001 at 06:46:32PM -0700, Al Nikolov wrote:
> >> Question: Does PuTTY support the SSH 2 protocol?
> >> Answer: Yes, as of version 0.50. Upgrade now! 
> >> Public key authentication in SSH 2 is not supported, for security reasons
> 
> DVL> That's nonsense. From a security standpoint, PubkeyAuthentication
> DVL> is preferable to PasswordAuthentication.
> 
> Well, yes. Evidently this is about key authentication in combination
> specifically with SSH 2. But I haven't found any trace of a hole anywhere.

At least for openssh >= 2.5.2p2, what I said earlier is true. What
was meant in the document you quoted is unknown.


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [mdk-re] SSHd
  2001-08-22 23:15 ` Al Nikolov
  2001-08-23 14:27   ` Dmitry V. Levin
@ 2001-08-24 18:55   ` Sergey Vlasov
  1 sibling, 0 replies; 6+ messages in thread
From: Sergey Vlasov @ 2001-08-24 18:55 UTC (permalink / raw)
  To: mandrake-russian

On Wed, 22 Aug 2001 23:14:00 -0700
Al Nikolov <al@smena.ru> wrote:

> AN> I just can't manage to log in to SSHd using keys. The man pages are
> AN> some kind of gibberish, and for some reason there are authorized_keys
> AN> directories in /etc/openssh...
> 
> Figured it out myself. The problem was with PuTTY.
> 
> However, does anyone understand the meaning of these words from its FAQ?
> 
> Question: Does PuTTY support the SSH 2 protocol?
> Answer: Yes, as of version 0.50. Upgrade now! 
> Public key authentication in SSH 2 is not supported, for security reasons
> 
> 
> What reason would that be?

But the page has a link hanging right on "security reasons":

    * Creating a DSA signature requires a 160-bit random number k. This is
used in computing the signature itself, and then discarded.
    * However, if k were to be accidentally made known to the recipient
along with the public key, the signature, and the hash of the message,
then they would have enough information to deduce the private key -
completely compromising the key and allowing the attacker to forge any
number of signatures with it.
    * Furthermore, if k is not actually known to the attacker but the
random number generation is weak enough to make it guessable in feasibly
many attempts, then the signature also contains enough information to let
the attacker know when he has guessed the correct k - and then the key is
compromised as before.
    * Therefore, a DSA signature should never be created on a platform
with less than perfect random number generation. PuTTY's random numbers
are as good as I know how to make them, and I welcome improvements, but I
don't think they're good enough to trust the security of an authentication
key to.

By the way, support for RSA keys for SSH2 seems to have appeared in the
new development versions of PuTTY.



^ permalink raw reply	[flat|nested] 6+ messages in thread
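
Added example, not part of Sergey Vlasov's message or of PuTTY's code: the second and third points of the quoted note, carried through in Python for textbook DSA. The group (Q = 2^127 - 1 with a P built around it), the key, the message and the 16-bit range for k are all constructed here for the demonstration.

```python
import hashlib

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    # Miller-Rabin with fixed bases, enough to build a demonstration group.
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

Q = 2**127 - 1                                  # subgroup order (a Mersenne prime)
P = next(p for p in (2 * j * Q + 1 for j in range(1, 10**6)) if is_prime(p))
G = pow(2, (P - 1) // Q, P)                     # element of order Q in Z_P*

def h(msg):
    # SHA-256 truncated to the bit length of Q, as DSA does with long digests.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - Q.bit_length())

def sign(x, k, msg):
    # Textbook DSA with the per-signature number k passed in explicitly.
    r = pow(G, k, P) % Q
    return r, pow(k, -1, Q) * (h(msg) + x * r) % Q

def key_from_k(k, msg, r, s):
    # Second point: k, (r, s) and H(m) give x = (s*k - H(m)) / r mod Q.
    return (s * k - h(msg)) * pow(r, -1, Q) % Q

def guess_confirmed(k_guess, r):
    # Third point: r = (G^k mod P) mod Q tells a guesser when k is right.
    return pow(G, k_guess, P) % Q == r

def demo():
    x = 0x1234567890abcdef1234567890abcdef      # constructed private key
    k = 40961                                   # constructed k from a 16-bit generator
    msg = b"constructed message"
    r, s = sign(x, k, msg)
    found = next(c for c in range(1, 2**16) if guess_confirmed(c, r))
    return found == k and key_from_k(found, msg, r, s) == x
```

demo() returns True: a k limited to 16 bits of entropy is found by checking candidates against r alone, and the private key follows from it. This is why k must come from a generator whose output is unpredictable across the full range of Q.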
