On 03/27/2016 10:31 PM, D. Hugh Redelmeier wrote:
> SSH does a few things for authentication.
>
> SSH hosts have keys. An SSH client warns the user if a host's key has
> changed since the last time they talked. This puts little burden on
> the user and yet gives some security. But it won't detect a
> man-in-the-middle that was there from first contact.
>
> Users can authenticate with a client via passwords or via a public
> key. Both require out-of-band installation of credentials.
>
> I think that the password will travel over the wire when authenticating, but
> encrypted. But a spoofing server could collect passwords.
>
> With a public key system (like RSA), only a signature goes over the
> wire. So a spoofing server could not collect the key. Things get a
> little more intricate when you use ssh-agent for forwarding authentication.

I thought ssh used a public/private key system, at least when used passwordless. I have to generate a public/private key pair and place the public key on the servers I connect to and keep the private key on my computer. Also, Cisco gear supports ssh with RSA keys.
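
Added example, not part of the original messages: a small Python model of the host-key check described in the quoted text, showing that a changed key is flagged but a key seen at first contact is pinned whoever presents it. The host name, the `pins` dictionary standing in for `known_hosts`, and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import struct

def make_blob(seed: bytes) -> str:
    """Constructed sample: ssh-ed25519 wire-format blob with placeholder key bytes."""
    name, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(raw).decode()

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(pins: dict, host: str, keytype: str, key_b64: str) -> str:
    """Trust-on-first-use decision for the key a server offers.
    pins maps (host, keytype) -> base64 key blob, mirroring known_hosts entries."""
    pinned = pins.get((host, keytype))
    if pinned is None:
        pins[(host, keytype)] = key_b64  # first contact: nothing to compare against
        return "new"
    if pinned == key_b64:
        return "match"
    return "changed"  # keep the old pin; the user must resolve this out of band

def demo():
    server = make_blob(b"constructed: real server")
    spoof = make_blob(b"constructed: spoofing server")
    host, kt = "host.example", "ssh-ed25519"
    # Case 1: clean first contact, a different key shows up later -> warning.
    pins1 = {}
    later = [check_host(pins1, host, kt, k) for k in (server, server, spoof)]
    # Case 2: the spoofing key is there at first contact -> it gets pinned,
    # and the warning only fires once the real server is finally reached.
    pins2 = {}
    first = [check_host(pins2, host, kt, k) for k in (spoof, spoof, server)]
    return later, first, fingerprint(pins1[(host, kt)]), fingerprint(pins2[(host, kt)])

if __name__ == "__main__":
    later, first, fp1, fp2 = demo()
    print("spoofer arrives later   :", later, "pinned", fp1)
    print("spoofer at first contact:", first, "pinned", fp2)
```

Both runs produce the same sequence of decisions; the difference is which fingerprint ends up pinned, which is why comparing the first-contact fingerprint against one obtained out of band closes the gap.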
