Solaris 8 x86 rsa pubkey auth problem

Mikhail Manuylov mikhail.manuilov at gmail.com
Thu May 4 19:40:06 EST 2006


On 5/4/06, Darren Tucker <dtucker at zip.com.au> wrote:
> On Thu, May 04, 2006 at 09:48:57AM +0200, Peter Stuge wrote:
> > If ssh didn't read the public key in (2) the user would have to enter
> > the passphrase for any and all private keys available to ssh, not
> > just the one that would be used for actually authenticating the user.
>
> It's faster, too.
>
> Without it, you would also have to perform a sign (on the client) and
> verify (on the server) which is relatively expensive.  The "will you
> accept the key with this fingerprint?" operation is a lot cheaper than
> sign+verify (remember, the client might try a number of keys).

I looked at the diff of the successful and failed output of 'ssh -vvv':
"-debug1: Offering public key: auditor_id_rsa
-debug3: send_pubkey_test
+debug1: Trying private key: auditor_id_rsa
+debug1: read PEM private key done: type RSA
+debug3: sign_and_send_pubkey"

Now with your comments I got it (I just have no more time to dig through the sources).

OK, it's faster, but:

1) I can't find where in ssh(1) this feature is mentioned.
2) Is there a method to check whether a particular public key is from the
same pair as the user-supplied (-i option) private key?
Because 100% guessing <private_key_filename>.pub for the corresponding
pubkey file is somewhat naive.

>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>

BTW, please CC me, because I'm not subscribed to the list.

--
Truly yours, Mikhail Manuilov
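
One way to make the check asked about in question 2, as an added example that is not part of the original message or of OpenSSH itself: `ssh-keygen -y -f` derives the public key from a private key, so the result can be compared with the contents of a `.pub` file. The function names below are hypothetical, and an encrypted private key will prompt for its passphrase.

```shell
#!/bin/sh
# Added example: check that a public key file belongs to a given private key.
# Function names are hypothetical; ssh-keygen -y -f is the standard way to
# print the public key that corresponds to a private key file.

# key_blob: read public key text on stdin, print "<type> <base64>" only.
# The trailing comment field is dropped because it is not part of the key.
key_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }'
}

# pubkey_matches PRIVATE_KEY PUBLIC_KEY_FILE
# Returns 0 if both files hold the same key pair, 1 if they differ,
# 2 if either file cannot be read or parsed.
pubkey_matches() {
    priv=$1
    pub=$2
    [ -r "$priv" ] && [ -r "$pub" ] || return 2

    # Derive the public half from the private key itself.
    derived=$(ssh-keygen -y -f "$priv" 2>/dev/null | key_blob) || return 2
    [ -n "$derived" ] || return 2

    # Read the candidate public key as stored on disk.
    stored=$(key_blob < "$pub")
    [ -n "$stored" ] || return 2

    [ "$derived" = "$stored" ]
}

# check_identity PRIVATE_KEY
# Checks the <private_key_filename>.pub file that sits beside the private
# key, i.e. the file name the thread says is assumed to hold the matching key.
check_identity() {
    pubkey_matches "$1" "$1.pub"
}
```

A stale or mismatched `.pub` next to the file given with `-i` shows up as return code 1 from `check_identity`.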




More information about the openssh-unix-dev mailing list