on Fri, Aug 24, 2001 at 04:28:09PM +0100, Neill Newman scribbled:
xsprite@bigfoot.com wrote:
Yep, I've yet to see this implemented in any ssh implementation? gpg/openssh integration would be nice. or just keys stored in openpgp format. gpg --recv-keys to obtain host keys would be interesting.
this sounds like kerberos to me, but my knowledge is limited.. anybody care to correct me ??
Well, not really. Kerberos uses trusted third parties, namely the TGS similar to this, but there is no public key stuff, it's all one way hashes and symmetric ciphers. (TGS = ticket granting service. TGT = ticket granting ticket) Also the authentication is the other way around with host keys.
You are authenticating the host, before you give it your secret (in whatever way you decided.. a ticket from the Kerberos TGS, rsa key, password, etc) With Kerberos, I believe the TGS is assumed to be secure and honourable, and the algorithm itself authenticates the TGS to an extent, because it must know the hash of the users secret in order that the user be able to decrypt the TGT/session key properly. Hence no specific host to client authentication occurs.