Solaris 8 x86 rsa pubkey auth problem
Mikhail Manuylov
mikhail.manuilov at gmail.com
Thu May 4 21:01:55 EST 2006
On 5/4/06, Mikhail Manuylov <mikhail.manuilov at gmail.com> wrote:
> On 5/4/06, Darren Tucker <dtucker at zip.com.au> wrote:
> > On Thu, May 04, 2006 at 09:48:57AM +0200, Peter Stuge wrote:
> > > If ssh didn't read the public key in (2) the user would have to enter
> > > the passphrase for any and all private keys available to ssh, not
> > > just the one that would be used for actually authenticating the user.
> >
> > It's faster, too.
> >
> > Without it, you would also have to perform a sign (on the client) and
> > verify (on the server) which is relatively expensive. The "will you
> > accept the key with this fingerprint?" operation is a lot cheaper than
> > sign+verify (remember, the client might try a number of keys).
>
> I looked at the diff of the successful and failed output of 'ssh -vvv':
> "-debug1: Offering public key: auditor_id_rsa
> -debug3: send_pubkey_test
> +debug1: Trying private key: auditor_id_rsa
> +debug1: read PEM private key done: type RSA
> +debug3: sign_and_send_pubkey"
I think there should be a fix here, because, as I've said before, nowhere in
the debug output can you find the real filename "auditor_id_rsa.pub", only
the private key prefix:
----->debug1: Offering public key: auditor_id_rsa".pub"
>
> Now with your comments I got it (I just have no more time to dig through the sources).
>
> Ok it's faster, but:
>
> 1) I can't find where in ssh(1) this feature is mentioned.
> 2) Is there a method to check whether a particular public key is from the
> same pair as the user-supplied (-i option) private key?
> Because 100% guessing <private_key_filename>.pub for the corresponding
> pubkey file is somewhat naive.
>
> >
> > --
> > Darren Tucker (dtucker at zip.com.au)
> > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> > Good judgement comes with experience. Unfortunately, the experience
> > usually comes from bad judgement.
> >
>
> BTW, please CC me, cause I'm not subscribed to the list.
>
> --
> Truly yours, Mikhail Manuilov
>
--
Truly yours, Mikhail Manuilov
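
The check asked about in point 2 above, as an added example that is not part of the original message or of OpenSSH itself: derive the public key from the private key with `ssh-keygen -y` and compare it with the contents of the .pub file. The function names are hypothetical, and the demo keys are throwaway keys generated in a temporary directory.

```shell
#!/bin/sh
# Added example: confirm that a .pub file really belongs to a private key
# instead of trusting the "<private_key_filename>.pub" naming convention.

# Print "keytype base64blob" from a public key file ($1), dropping the comment.
pub_from_file() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# Derive the public key from a private key file ($1) with ssh-keygen -y.
# For a passphrase-protected key, ssh-keygen prompts for the passphrase.
pub_from_private() {
    ssh-keygen -y -f "$1" 2>/dev/null | awk 'NF >= 2 { print $1, $2; exit }'
}

# key_pair_matches PRIVATE PUBLIC
# Returns 0 on match, 1 on mismatch, 2 if either key could not be read.
key_pair_matches() {
    derived=$(pub_from_private "$1") || return 2
    stored=$(pub_from_file "$2") || return 2
    [ -n "$derived" ] && [ -n "$stored" ] || return 2
    [ "$derived" = "$stored" ]
}

# Demo on constructed sample data: two throwaway RSA pairs in a temp dir.
demo() {
    dir=$(mktemp -d) || return 2
    ssh-keygen -q -t rsa -b 2048 -N '' -f "$dir/auditor_id_rsa" || return 2
    ssh-keygen -q -t rsa -b 2048 -N '' -f "$dir/other_id_rsa" || return 2
    same=0
    key_pair_matches "$dir/auditor_id_rsa" "$dir/auditor_id_rsa.pub" || same=$?
    # Simulate a stale or swapped .pub sitting next to the private key.
    cp "$dir/other_id_rsa.pub" "$dir/auditor_id_rsa.pub"
    swapped=0
    key_pair_matches "$dir/auditor_id_rsa" "$dir/auditor_id_rsa.pub" || swapped=$?
    rm -rf "$dir"
    echo "matching pair: $same, swapped .pub: $swapped"
}
```

Calling `demo` prints the two return codes; in real use, call `key_pair_matches` with the path given to `-i` and the .pub file next to it.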