gss userauth (fwd)

Steven Michaud smichaud at pobox.com
Mon Aug 25 04:31:36 EST 2003


On Sun, 24 Aug 2003, Steven Michaud wrote:

> Finally, despite what Love says, the gssapi protocol as used by gss
> userauth already does provide mutual authentication between the
> client and the server.  It just doesn't do it as neatly as gss key
> exchange, and a copy of the server's public key still needs to be
> stored on the client side.
>
> Yes, gss key exchange handles mutual authentication better (though
> not more securely) than gss userauth currently does.  And OpenSSH
> should eventually implement gss key exchange (and the
> new-and-improved gss userauth, whenever that gets finalized).  But I
> don't see any reason why Darren Tucker's openssh-gssapi-port2.patch
> shouldn't go into OpenSSH 3.7 as is.

I need to clarify a bit:

As best I can tell, making gss userauth "verify the session id" won't
fix the problem of forcing the client to store a copy of the server's
public key.  Though I'll post a message to ietf-ssh asking if it's
reasonable to change gss userauth to solve this problem, too.

And it's true that, in general, relying on the client to store the
server's public key can weaken security -- think of how many people
react to server-key error messages by deleting the client-side
server-key cache.  But this behavior _doesn't_ weaken gss userauth's
security (even in the current standard) -- it can't override the
gssapi protocol's mutual (client-server) authentication.
