NetStumbler.org Forums - View Single Post

03-09-2002

Yeah, i was in a hurry. No you don't need the quotes when you enter in variables unless they have spaces.

remote_user=shawn will work fine.

But use bovines method. That'll work better.
you don't need keys with empty passphrases either if you use ssh-agent. But I suppose that depends on the machine.

Also:

SSH protocol version 2

When a user connects using the protocol version 2 different authentica-
tion methods are available. Using the default values for
PreferredAuthentications, the client will try to authenticate first using
the hostbased method; if this method fails public key authentication is
attempted, and finally if this method fails keyboard-interactive and
password authentication are tried.

The public key method is similar to RSA authentication described in the
previous section and allows the RSA or DSA algorithm to be used: The
client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to
sign the session identifier and sends the result to the server. The
server checks whether the matching public key is listed in
$HOME/.ssh/authorized_keys and grants access if both the key is found and
the signature is correct. The session identifier is derived from a
shared Diffie-Hellman value and is only known to the client and the serv-
er.

If public key authentication fails or is not available a password can be
sent encrypted to the remote host for proving the user's identity.

Additionally, ssh supports hostbased or challenge response authentica-
tion.

Protocol 2 provides additional mechanisms for confidentiality (the traf-
fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity
(hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for
ensuring the integrity of the connection.

So no, an RSA key does *not* imply SSHv1.

03-09-2002	#8 (permalink)
Posts: n/a	. Yeah, i was in a hurry. No you don't need the quotes when you enter in variables unless they have spaces. remote_user=shawn will work fine. But use bovines method. That'll work better. you don't need keys with empty passphrases either if you use ssh-agent. But I suppose that depends on the machine. Also: SSH protocol version 2 When a user connects using the protocol version 2 different authentica- tion methods are available. Using the default values for PreferredAuthentications, the client will try to authenticate first using the hostbased method; if this method fails public key authentication is attempted, and finally if this method fails keyboard-interactive and password authentication are tried. The public key method is similar to RSA authentication described in the previous section and allows the RSA or DSA algorithm to be used: The client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to sign the session identifier and sends the result to the server. The server checks whether the matching public key is listed in $HOME/.ssh/authorized_keys and grants access if both the key is found and the signature is correct. The session identifier is derived from a shared Diffie-Hellman value and is only known to the client and the serv- er. If public key authentication fails or is not available a password can be sent encrypted to the remote host for proving the user's identity. Additionally, ssh supports hostbased or challenge response authentica- tion. Protocol 2 provides additional mechanisms for confidentiality (the traf- fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. So no, an RSA key does not imply SSHv1.