Solaris 8 x86 rsa pubkey auth problem

Peter Stuge stuge-openssh-unix-dev at cdy.org
Thu May 4 17:48:57 EST 2006


On Thu, May 04, 2006 at 11:12:35AM +0400, Mikhail Manuylov wrote:
> On 5/3/06, Markus Friedl <markus.r.friedl at arcor.de> wrote:
> >
> > the private key is encrypted, so you would have to enter
> > the passphrase even if the key will not be allowed.
> 
> Mmm, sure, I know this, but what about public key? I mean I still
> can't get the idea.

1. sshd has a list of approved public keys.
2. ssh sends one public key to the server at a time.
3. sshd tells ssh that a key is usable for authentication.
4. ssh now needs access to the corresponding private key and the user
   has to enter the passphrase.

If ssh didn't read the public key in (2) the user would have to enter
the passphrase for any and all private keys available to ssh, not
just the one that would be used for actually authenticating the user.

Check out ssh -vvv when authenticating with keys. grep for publickey.


//Peter
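
Added example (not part of the original message and not OpenSSH code): a small Python model of steps 1-4 above. It builds the signature-less publickey request in the RFC 4252 wire format and counts which keys would need a passphrase with and without the query step. The user name `alice`, the key names, the placeholder blobs and all function names are assumptions made for illustration, and signature verification is replaced by a simple membership check.

```python
import struct

# Message numbers from RFC 4252
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_PK_OK = 50, 51, 60

def ssh_string(b: bytes) -> bytes:
    """SSH 'string' type: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def build_query(user: str, algo: bytes, blob: bytes) -> bytes:
    """Step 2: publickey request with has_signature = FALSE (no private key needed)."""
    return (bytes([USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"publickey")
            + b"\x00" + ssh_string(algo) + ssh_string(blob))

def read_strings(buf: bytes, off: int, n: int):
    """Parse n consecutive SSH strings starting at off; return them and the new offset."""
    out = []
    for _ in range(n):
        (length,) = struct.unpack_from(">I", buf, off)
        out.append(buf[off + 4: off + 4 + length])
        off += 4 + length
    return out, off

def server_reply(packet: bytes, approved: set) -> int:
    """Steps 1 and 3: the server checks the offered blob against its approved keys."""
    if packet[0] != USERAUTH_REQUEST:
        return USERAUTH_FAILURE
    (_user, _service, method), off = read_strings(packet, 1, 3)
    has_signature = packet[off]
    (_algo, blob), _ = read_strings(packet, off + 1, 2)
    if method == b"publickey" and not has_signature and blob in approved:
        return USERAUTH_PK_OK
    return USERAUTH_FAILURE

def keys_needing_passphrase(identities, approved, query_first=True):
    """Names of the keys whose passphrase the user would be asked for."""
    prompted = []
    for name, algo, blob in identities:
        if query_first:
            reply = server_reply(build_query("alice", algo, blob), approved)
            if reply != USERAUTH_PK_OK:
                continue          # rejected from the public half alone, no prompt
        prompted.append(name)     # step 4: private key must be decrypted to sign
        if blob in approved:      # assumption: stands in for signature verification
            break
    return prompted

# Constructed sample identities; the blobs are placeholders, not real keys.
IDENTITIES = [("id_rsa_old", b"ssh-rsa", b"blob-A"),
              ("id_dsa", b"ssh-dss", b"blob-B"),
              ("id_rsa", b"ssh-rsa", b"blob-C")]
APPROVED = {b"blob-C"}
```
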