Hi, I'm asking around whether it is possible to hijack a client's RSA/DSA private key if the SSH daemon is modified by someone who has evil means. I thought this was a good place to ask, so here it goes.

From what I've heard so far, the daemon sends a signing request to the client, and the client signs the request using its private key and sends the answer back to the daemon, which verifies authentication using the public key.

Is this how it really happens, i.e. is there no possibility whatsoever that the client would ever send its private key to a server that possibly has an infected sshd running?

Yours
Markus Kovero
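
The exchange asked about above, as an added example that is not part of the original post: in SSH protocol 2 public-key authentication (RFC 4252, section 7) the client signs the session identifier plus the request fields and transmits only its public key and the signature. The key here is constructed from two Mersenne primes (insecure, illustration only), the public-key blob encoding is simplified, and all function names are hypothetical.

```python
import hashlib, struct

# Constructed demo key built from two Mersenne primes: insecure, illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key (what the server stores)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, stays on the client
K = (N.bit_length() + 7) // 8            # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5 signatures, RFC 8017)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def s(b):                                # SSH "string": uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def pubkey_blob():                       # simplified; real blobs use mpint encoding
    return s(b"ssh-rsa") + s(E.to_bytes(3, "big")) + s(N.to_bytes(K, "big"))

def signed_data(session_id, user):       # fields covered by the signature (RFC 4252 sec. 7)
    return (s(session_id) + bytes([50]) + s(user) + s(b"ssh-connection")
            + s(b"publickey") + b"\x01" + s(b"rsa-sha2-256") + s(pubkey_blob()))

def encode(msg):                         # EMSA-PKCS1-v1_5 padding of SHA-256(msg)
    t = PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def client_sign(session_id, user):
    """Return the only key material the client transmits: public blob + signature."""
    sig = pow(encode(signed_data(session_id, user)), D, N)
    return pubkey_blob() + s(sig.to_bytes(K, "big"))

def server_verify(session_id, user, wire):
    """Server side: uses only the public N, E and the bytes it received."""
    sig = int.from_bytes(wire[-K:], "big")
    return pow(sig, E, N) == encode(signed_data(session_id, user))

def leaks_private_key(wire):
    """True if the private exponent appears anywhere in the transmitted bytes."""
    return D.to_bytes((D.bit_length() + 7) // 8, "big") in wire

if __name__ == "__main__":
    sid_a = hashlib.sha256(b"constructed session with server A").digest()
    sid_b = hashlib.sha256(b"constructed session with server B").digest()
    wire = client_sign(sid_a, b"markus")
    print("server A accepts:", server_verify(sid_a, b"markus", wire))
    print("replayed in another session:", server_verify(sid_b, b"markus", wire))
    print("private key on the wire:", leaks_private_key(wire))
```

Because the session identifier is part of the signed data, a signature captured by one server does not verify in a different session.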
