* [mdk-re] SSHd
From: Al Nikolov @ 2001-08-22 22:48 UTC
To: mandrake-russian

I just can't manage to log in to SSHd using keys. The man pages are
some kind of gibberish, and for some reason there are authorized_keys
directories in /etc/openssh...

Here is what I'm trying:

sshd.conf
---->
Protocol 2
PasswordAuthentication no
---->

/home/al/.ssh/authorized_keys2
---->
ssh-rsa xxxxxxxxxxxxxxxxxxxxxx al@smena.ru
---->

The daemon asks for a password and refuses everything.

* Re: [mdk-re] SSHd
From: Al Nikolov @ 2001-08-22 23:15 UTC
To: Al Nikolov

AN> I just can't manage to log in to SSHd using keys. The man pages are
AN> some kind of gibberish, and for some reason there are authorized_keys
AN> directories in /etc/openssh...

Figured it out myself. The trouble was with PuTTY.

However, does anyone understand the meaning of these words from its FAQ?

Question: Does PuTTY support the SSH 2 protocol?
Answer: Yes, as of version 0.50. Upgrade now!
        Public key authentication in SSH 2 is not supported, for security reasons

What reasons would those be?

* Re: [mdk-re] SSHd
From: Dmitry V. Levin @ 2001-08-23 14:27 UTC
To: ALT Linux Spring mailing list

On Wed, Aug 22, 2001 at 11:14:00PM -0700, Al Nikolov wrote:
> However, does anyone understand the meaning of these words from its FAQ?
>
> Question: Does PuTTY support the SSH 2 protocol?
> Answer: Yes, as of version 0.50. Upgrade now!
>         Public key authentication in SSH 2 is not supported, for security reasons

That's nonsense. From a security standpoint, PubkeyAuthentication is
preferable to PasswordAuthentication.

Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

* Re[2]: [mdk-re] SSHd
From: Al Nikolov @ 2001-08-23 20:13 UTC
To: Dmitry V. Levin

>> Question: Does PuTTY support the SSH 2 protocol?
>> Answer: Yes, as of version 0.50. Upgrade now!
>>         Public key authentication in SSH 2 is not supported, for security reasons

DVL> That's nonsense. From a security standpoint, PubkeyAuthentication is
DVL> preferable to PasswordAuthentication.

Well, yes. Evidently this is about key authentication in combination
specifically with SSH 2. But I couldn't find any leads about a hole anywhere.

* Re: [mdk-re] SSHd
From: Dmitry V. Levin @ 2001-08-23 21:48 UTC
To: ALT Linux Spring mailing list

On Thu, Aug 23, 2001 at 06:46:32PM -0700, Al Nikolov wrote:
> >> Question: Does PuTTY support the SSH 2 protocol?
> >> Answer: Yes, as of version 0.50. Upgrade now!
> >>         Public key authentication in SSH 2 is not supported, for security reasons
>
> DVL> That's nonsense. From a security standpoint, PubkeyAuthentication is
> DVL> preferable to PasswordAuthentication.
>
> Well, yes. Evidently this is about key authentication in combination
> specifically with SSH 2. But I couldn't find any leads about a hole anywhere.

At least for openssh >= 2.5.2p2, what I said earlier is true.
What was meant in the document you quoted is unknown.

Regards,
	Dmitry

* Re: [mdk-re] SSHd
From: Sergey Vlasov @ 2001-08-24 18:55 UTC
To: mandrake-russian

On Wed, 22 Aug 2001 23:14:00 -0700 Al Nikolov <al@smena.ru> wrote:

> AN> I just can't manage to log in to SSHd using keys. The man pages are
> AN> some kind of gibberish, and for some reason there are authorized_keys
> AN> directories in /etc/openssh...
>
> Figured it out myself. The trouble was with PuTTY.
>
> However, does anyone understand the meaning of these words from its FAQ?
>
> Question: Does PuTTY support the SSH 2 protocol?
> Answer: Yes, as of version 0.50. Upgrade now!
>         Public key authentication in SSH 2 is not supported, for security reasons
>
> What reasons would those be?

But there is a link hanging right there on the page, on the words
"security reasons":

  * Creating a DSA signature requires a 160-bit random number k. This
    is used in computing the signature itself, and then discarded.

  * However, if k were to be accidentally made known to the recipient
    along with the public key, the signature, and the hash of the
    message, then they would have enough information to deduce the
    private key - completely compromising the key and allowing the
    attacker to forge any number of signatures with it.

  * Furthermore, if k is not actually known to the attacker but the
    random number generation is weak enough to make it guessable in
    feasibly many attempts, then the signature also contains enough
    information to let the attacker know when he has guessed the
    correct k - and then the key is compromised as before.

  * Therefore, a DSA signature should never be created on a platform
    with less than perfect random number generation. PuTTY's random
    numbers are as good as I know how to make them, and I welcome
    improvements, but I don't think they're good enough to trust the
    security of an authentication key to.

By the way, the new development versions of PuTTY seem to have gained
support for RSA keys for SSH2.

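The algebra behind the rationale quoted in the last message, as an added example that is not part of the original thread or of PuTTY's code: on a constructed toy DSA group, one signature plus its nonce k yields the private key, and a guessable k can be confirmed from public values alone. The group (P, Q, G), the key, the message and the function names are all assumptions made for the illustration.

```python
import hashlib

# Constructed toy DSA group (far too small for real use): Q divides P - 1.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)            # element of order Q in Z_P*

def digest(msg):
    """H(m) reduced mod Q, as used in the signing equation."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def sign(x, msg, k):
    """DSA signature (r, s) made with private key x and per-signature nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def key_from_nonce(msg, sig, k):
    """Solve s = k^-1 * (H(m) + x*r) mod Q for x once k is known."""
    r, s = sig
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

def key_from_weak_nonce(y, msg, sig, candidates):
    """Try every guessable k; the public key y confirms the correct guess."""
    for k in candidates:
        if pow(G, k, P) % Q != sig[0]:
            continue                    # r rules this k out
        x = key_from_nonce(msg, sig, k)
        if pow(G, x, P) == y:           # derived key matches the public key
            return x
    return None

if __name__ == "__main__":
    x = 57                              # constructed private key
    y = pow(G, x, P)                    # matching public key
    msg = b"constructed message"
    sig = sign(x, msg, 7)               # nonce drawn from a weak source
    print("leaked k  ->", key_from_nonce(msg, sig, 7))
    print("guessed k ->", key_from_weak_nonce(y, msg, sig, range(1, 17)))
```

Nothing in the recovery depends on the group size, which is why the nonce source matters as much as the key itself; deriving k deterministically from the key and message (RFC 6979) removes the dependence on the RNG at signing time.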
ALT Linux Community general discussions