DSA harmful for remote authentication to compromised hosts?

Joshua Hill josh-lists at untruth.org
Sat Jan 3 13:21:00 EST 2009


On Fri, Jan 02, 2009 at 06:12:39PM -0800, Simon Kirby wrote:
> Just to confirm, the client (which has the private key) supplies this
> random 'k' variable, or does the server (running sshd) generate it? 

The 'k' value is provided by the entity producing the signature (i.e.,
the only entity with the private key), which for SSH user authentication
is the client.  (If the server could generate it for the client, then
a malicious server could break the client's private key!)

		Josh
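The point in the reply, that whoever knows k for even one signature can compute the private key, as an added example (not code from the thread or from OpenSSH). It uses constructed, deliberately tiny DSA parameters p=23, q=11, g=2 and a constructed private key so the arithmetic is visible; the `k` argument to `sign` stands in for the value the client would otherwise have accepted from a server.

```python
# Added example: toy DSA showing why the signer alone must choose k.
# Constructed parameters: q divides p-1 and g has order q in Z_p^* (never use in practice).
import hashlib
import secrets

P, Q, G = 23, 11, 2


def hash_to_int(message: bytes) -> int:
    """H(m) reduced mod q, as DSA does with a truncated digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def sign(h: int, x: int, k: int) -> tuple[int, int]:
    """DSA signature (r, s) on hash value h under private key x with nonce k."""
    if not 0 < k < Q:
        raise ValueError("k must be in [1, q-1]")
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate k, choose another")  # real DSA retries here
    return r, s


def verify(h: int, sig: tuple[int, int], y: int) -> bool:
    """Standard DSA verification against public key y = g^x mod p."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = (pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P) % Q
    return v == r


def recover_private_key(h: int, sig: tuple[int, int], k: int) -> int:
    """s = k^-1 (h + x r)  =>  x = (s k - h) r^-1 mod q; one known k suffices."""
    r, s = sig
    return (s * k - h) * pow(r, -1, Q) % Q


if __name__ == "__main__":
    x = 7                                  # constructed client private key
    y = pow(G, x, P)                       # matching public key
    h = hash_to_int(b"constructed ssh-userauth signing input")
    while True:                            # the client draws its own k
        k = secrets.randbelow(Q - 1) + 1
        try:
            sig = sign(h, x, k)
            break
        except ValueError:
            continue
    assert verify(h, sig, y)
    # Any party that supplied or learned k gets x from this single signature.
    assert recover_private_key(h, sig, k) == x
```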


More information about the openssh-unix-dev mailing list