Re: Is it possible to steal your SSH key?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 26 Feb 2007, Peter Kiem wrote:

Hi,

Just wondering something...

If you connect to a compromised server using SSH keys (not passwords) is it possible for the compromised server to record your SSH key so they can use it on other servers you log into?

Opinions?



Nope, at least not directly. When you log in your private key is not sent to the server. Instead signed data is sent to the server. The signature is then verified with the corresponding public key on the server. In the case of a compromised server the best a would be thief would have is data and a signature. Determining the private key with this info is basically deemed cryptographically infeasible.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux