Fedora Users — Re: Is it possible to steal your SSH key?

Re: Is it possible to steal your SSH key?

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora <fedora-list@xxxxxxxxxx>

Subject: Re: Is it possible to steal your SSH key?

From: Mike <azmr@xxxxxxxxxxxxx>

Date: Sun, 25 Feb 2007 23:07:12 -0700 (MST)

In-reply-to: <45E26FB3.6020005@xxxxxxxxxx>

References: <45E26FB3.6020005@xxxxxxxxxx>

Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>

On Mon, 26 Feb 2007, Peter Kiem wrote:

Hi,

Just wondering something...
If you connect to a compromised server using SSH keys (not passwords) is itpossible for the compromised server to record your SSH key so they can use iton other servers you log into?
Opinions?

Nope, at least not directly. When you log in your private key is not sentto the server. Instead signed data is sent to the server. The signatureis then verified with the corresponding public key on the server. In thecase of a compromised server the best a would be thief would have is dataand a signature. Determining the private key with this info is basicallydeemed cryptographically infeasible.