Joshua,

puttygen keys let you authenticate yourself to the remote Linux server,
great....what you are saying is that we haven't solved the problem of how
to authenticate the remote Linux server to /ourselves/.....

The obvious missing feature PuTTY needs is to be able to point PuTTY to
the *public* key of the Linux server in addition to the *private* key of
the Windows client. Unfortunately, PuTTY stores public keys of servers in
the registry. There is a hack in the PuTTY FAQ to add & then remove a
public key from the registry. It is spotty at best.

We are still vulnerable to a man-in-the-middle attack.

The best solution I can think of if we want to carry putty.exe and our
private keys around on a USB stick is to add a file to our USB stick that
stores the fingerprint of our remote Linux server. Then when asked if you
want to verify the server's key, we can verify it via fingerprint without
being vulnerable to a man-in-the-middle attack.

I can't see anything wrong with just checking the fingerprint of keys when
they are downloaded for the first time. It seems like the way to go unless
I'm missing something.

Chris

On Wed, Feb 02, 2005 at 06:03:36PM -0800, Joshua Penix wrote:
>
> On Feb 2, 2005, at 1:34 PM, [EMAIL PROTECTED] wrote:
>
> >PuTTY still gives me the 'Are you sure you want to trust this key'
> >as if it is not using the private key file.
>
> If it's asking about trusting a key, I suspect you're seeing the dialog
> asking if you wish to verify the remote server's key. You'll have to
> accept it once. From that point on, it will only prompt you if the
> server's key changes, which shouldn't happen unless you rebuild the
> server - so when you're prompted you know something is up.
>
> Anyway, once that's past, you should immediately wind up with a login
> shell - it shouldn't prompt for username or password, since the
> private/public key authentication is taking care of that.
>
> --j
>

--
_______________________________________

Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.

Phone: (619) 553-9973
Fax  : (619) 553-6521
Email: [EMAIL PROTECTED]
_______________________________________
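Added example, not part of the original message: a Python sketch of the fingerprint-file check described above. It computes the MD5 colon-hex and SHA256 fingerprints of a server public key in OpenSSH format and compares the result with a fingerprint recorded earlier over a trusted channel. The function names and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def make_pubkey_line(raw32: bytes, comment: str = "constructed-example") -> str:
    """Build an OpenSSH-format ssh-ed25519 line from 32 constructed bytes."""
    def ssh_string(b: bytes) -> bytes:          # SSH wire format: u32 length + data
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

def key_blob(pubkey_line: str) -> bytes:
    """Decode the key blob; reject it if the embedded type differs from the label."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("declared key type does not match key blob")
    return blob

def fingerprints(pubkey_line: str) -> dict:
    """Return both fingerprint forms; each is a hash over the raw key blob."""
    blob = key_blob(pubkey_line)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches_pin(pubkey_line: str, pinned: str) -> bool:
    """True only if the presented key hashes to the fingerprint on the stick."""
    fp = fingerprints(pubkey_line)
    pinned = pinned.strip()
    if pinned.startswith("SHA256:"):
        candidate = fp["sha256"]
    else:                                       # hex form: compare case-insensitively
        candidate, pinned = fp["md5"], pinned.lower()
    return hmac.compare_digest(candidate.encode(), pinned.encode())

if __name__ == "__main__":
    known_good = make_pubkey_line(bytes(range(32)))   # constructed server key
    pin = fingerprints(known_good)["sha256"]          # what the pin file would hold
    presented = make_pubkey_line(bytes(32))           # constructed substituted key
    print("pinned     :", pin)
    print("known good :", matches_pin(known_good, pin))
    print("substituted:", matches_pin(presented, pin))
```

The pin is only as trustworthy as the channel it was recorded over, so it should be taken on the server console or another path that does not cross the network being verified.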
