On Sun, 10.07.2005 at 2:40, Todd Wease wrote:
> On Fri, 2005-07-08 at 23:29 +0200, Alexander Dalloz wrote:
> [snip]
> > The
> > passphrase protects the pubkey, so that if someone gets the public key
> > into his hands he can not simply use it without knowing the nifty
> > sentence.
> >
> [snip]
> AFAIK the passphrase protects the private key. The client doesn't
> authenticate using the public key. The server sends a nonce or some
> other value encrypted with the client's public key which the client then
> decrypts with the corresponding private key and sends the server back a
> hash of this nonce/challenge. It's possession of the private key that
> enables authentication to succeed. Possession of a user's public key
> will not enable anyone to authenticate as that user.
>
> Todd

Thanks Todd for correcting me. I should have expressed myself differently, and speaking about "pubkey" where I meant the whole process, the key pair, wasn't good. I said "public key" where I meant it. But you are right that of course the private key - not, as I said, the public key - is protected by the passphrase. The private key is the part of the key pair which resides on the ssh client side while the public key part is placed on the ssh server and named authorized_keys.

Alexander

--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 16:06:21 up 14 days, 22:58, load average: 0.13, 0.13, 0.09
Attachment:
signature.asc
Description: This is a digitally signed message part
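The challenge-response exchange described in the quoted reply, together with a passphrase guarding the private key, as an added Python sketch that is not part of the original thread and is not OpenSSH code. It assumes a toy unpadded RSA key, SHA-256 as the response hash, and a PBKDF2-derived XOR pad standing in for real key-file encryption; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA key built from two known Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key: the part kept in authorized_keys
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: stays on the client
D_LEN = (N.bit_length() + 7) // 8

def _pad(passphrase, salt):
    # Assumption: a PBKDF2 pad stands in for the key file's real encryption.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=D_LEN)

def wrap_private(d, passphrase, salt):
    """Store the private exponent XORed with a passphrase-derived pad."""
    return bytes(a ^ b for a, b in zip(d.to_bytes(D_LEN, "big"), _pad(passphrase, salt)))

def unwrap_private(blob, passphrase, salt):
    """Recover an exponent; a wrong passphrase silently yields a wrong one."""
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob, _pad(passphrase, salt))), "big")

def server_challenge():
    """Server: pick a nonce and encrypt it with the user's public key."""
    nonce = secrets.randbits(128)
    return nonce, pow(nonce, E, N)

def client_response(ciphertext, d):
    """Client: decrypt with the private exponent, return a hash of the result."""
    nonce = pow(ciphertext, d, N)
    return hashlib.sha256(nonce.to_bytes(D_LEN, "big")).digest()

def server_verify(nonce, response):
    expected = hashlib.sha256(nonce.to_bytes(D_LEN, "big")).digest()
    return hmac.compare_digest(expected, response)

def attempt_login(d):
    """Run one full exchange with whatever exponent the client holds."""
    nonce, ciphertext = server_challenge()
    return server_verify(nonce, client_response(ciphertext, d))

if __name__ == "__main__":
    salt = secrets.token_bytes(16)       # constructed sample values below
    blob = wrap_private(D, b"a nifty sentence", salt)
    print("right passphrase:", attempt_login(unwrap_private(blob, b"a nifty sentence", salt)))
    print("wrong passphrase:", attempt_login(unwrap_private(blob, b"guess", salt)))
    print("public key only: ", attempt_login(E))
```

Only the first attempt succeeds: without the passphrase the stored blob does not yield the private exponent, and the public exponent alone cannot undo the server's encryption.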