On Tue, May 31, 2005 at 02:45:56PM +0100, Ian G wrote:

> On Saturday 28 May 2005 18:47, James A. Donald wrote:
> > Do we have any comparable experience on SSH logins?
> > Existing SSH uses tend to be geek oriented, and do not
> > secure stuff that is under heavy attack.  Does anyone
> > have any examples of SSH securing something that was
> > valuable to the user, under attack, and then the key
> > changed without warning?  How then did the users react?
> I've heard an anecdote on 2 out of 3 of those criteria:
> In a bank that makes heavy use of SSH, the users have
> to phone the help desk to get the key reset when the
> warning pops up.  The users of course blame the tool.
> I suspect in time the addition of certificate based
> checking into SSH or the centralised management
> of keys will overcome this.

The solution for intramural use of SSH is to use Kerberos for mutual
authentication; this obviates the need for per-user known hosts files.

Though it took some time for the code that correctly integrates Kerberos
into OpenSSH to be adopted, AFAIK this is now done. If it is not, please
apply suitable prods to the maintainers, as the code has been available for
some time.

The key obstacle was to allow Kerberos mutual auth to not only log the
user in, but to also authenticate the server despite any mismatch in the
(now ephemeral) RSA keys.


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
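
As an added illustration of the setup Victor describes (this is not from his
message or from the OpenSSH project; the host names, the realm EXAMPLE.COM and
the file paths are placeholders), the OpenSSH options involved are the ones
below. Note that GSSAPIAuthentication alone only authenticates the user; it is
the separate GSSAPIKeyExchange option that authenticates the server with its
Kerberos host key and so removes the dependence on the RSA host key and on
known_hosts. That option comes from the GSSAPI key-exchange patch that Debian,
Ubuntu and RHEL/Fedora carry in their OpenSSH packages, not from upstream
OpenSSH, which rejects it as an unknown option.

```sshconfig
# Added example: Kerberos-authenticated SSH on both sides. Placeholders:
# *.example.com, EXAMPLE.COM, server.example.com, /etc/krb5.keytab.

# --- /etc/ssh/ssh_config (client) ---
Host *.example.com
    # Log the user in with the Kerberos TGT obtained via kinit.
    GSSAPIAuthentication yes
    # Authenticate the server inside the key exchange with its
    # host/server.example.com@EXAMPLE.COM key. The RSA host key is then
    # not relied upon, so a changed or unknown key produces no warning.
    # Only available in distribution builds with the GSSAPI kex patch.
    GSSAPIKeyExchange yes
    # Do not forward the TGT to the server unless it genuinely needs it.
    GSSAPIDelegateCredentials no

# --- /etc/ssh/sshd_config (server) ---
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
# sshd must be able to read the server's Kerberos key
# (host/server.example.com@EXAMPLE.COM) from its keytab,
# by default /etc/krb5.keytab.
```

Two checks a practitioner will want: the client needs a valid TGT before
connecting (kinit first), and the name the client resolves must match the
service principal in the server's keytab, or the GSSAPI exchange fails and
the client silently falls back to the ordinary host-key check. Running
ssh -v and confirming that a key-exchange method whose name begins with
gss- was negotiated is the simplest way to tell the two apart.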
