Re: Main Reason for Using PKA?
- From: Mark Conrad <NoMailAccepted@xxxxxxxxxxx>
- Date: Sat, 11 Mar 2006 13:18:40 GMT
In article <IqGdnZ5eW8zMCYzZnZ2dnUVZ_t-dnZ2d@xxxxxxxxxxx>, D P Schreber
<schreberdp@xxxxxxxxxx> wrote:
On 2006-03-10, Mark Conrad <NoMailAccepted@xxxxxxxxxxx> wrote:
In article <sbSdnYhWMtW6sY3ZRVn-vw@xxxxxxxxxxx>, D P Schreber
<schreberdp@xxxxxxxxxx> wrote:
The most important benefit is that the remote user has to be in
possession of the private key...<snip>...
I do not know exactly what you are referring to above, if you mean that
the remote user has to be "in possession" of his own private key
That's what I mean.
On the other hand, if you mean that the remote user has to also be "in
possession" of the other person's private key
That's not what I mean.
I have absolutely no problem with getting SSH to work for me, however I
do have a problem when I try to get PKA to work in concert with SSH
_and_ some applications.
Unless the applications are launching ssh themselves, this makes no
sense to me. If you launch ssh and set up some port-forwarding for
applications to use, there is no reason why any application could even
know, much less care, which kind of authentication you used.
If they _are_ launching ssh themselves, you probably need to adjust
~/.ssh/config to ensure that your preferred connection parameters are
used.
the remote user has to be in possession of the private key,
and also has to know your passphrase.
There seems to be some disagreement here about the passphrase point in
your above comment.
There shouldn't be. Unless the user created a key with an empty
passphrase, he will not be able to login without (a) owning the private
key file, and (b) entering the passphrase when prompted. End of story.
Okay, I see where I was getting confused:
I erroneously thought that PKA (Public Key Authentication) was a
whole protocol all by itself, separate and distinct from SSH.
Thanks to your posts, I now realize that when the PKA term is used by
computer people, it merely is an informational term.
For example, during an ordinary password login, a user could say that
he is using "Password Authentication".
Likewise, if a user was using SSH, where public and private "keys" are
created/used - - - then the user could say that he is using "Public Key
Authentication" (instead of Password Authentication) for the initial
login to a computer.
One confusing part of all this, in my mind at least, is that the PKA
term _implies_ that a "key" is always used for initial login to a
computer.
This is not always the case.
Sometimes ordinary passwords are still used for initial login by users,
although hanging on to ordinary passwords impairs security.
Sometimes an application is used that _forces_ the user to continue
to use ordinary passwords, impairing security.
Timbuktu is one such application.
Thanks again for all your help. Without you and others in this NG,
there would be no chance at all for me to understand this complex
subject.
Mark-
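
The advice quoted above about adjusting ~/.ssh/config depends on how the ssh client resolves that file: for each keyword, the first value obtained wins. The following is an added example, not part of the original post, that resolves the effective options for a host and reports whether password login is still offered. The sample config, host names and function names are constructed, and the parser assumes plain "Keyword value" lines with no Match or Include directives.

```python
import fnmatch

# Constructed sample ~/.ssh/config; host names and key path are made up.
SAMPLE_CONFIG = """\
Host build.example.com
    IdentityFile ~/.ssh/id_build
    PreferredAuthentications publickey
    PasswordAuthentication no

Host legacy.example.com
    PasswordAuthentication yes

Host *
    PasswordAuthentication no
    PreferredAuthentications publickey,password
"""

def host_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no '!' pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False          # a negated match always excludes the host
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_options(config_text, host):
    """Resolve options for host; the first value seen for a keyword wins."""
    options, active = {}, True        # lines before any Host block apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                  # blank line, comment, or bare keyword
        keyword, value = parts[0].lower(), parts[1]
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active:
            options.setdefault(keyword, value)   # later values never override
    return options

def password_login_possible(config_text, host):
    """True if the client would still offer password authentication to host."""
    opts = effective_options(config_text, host)
    # The OpenSSH client default for PasswordAuthentication is "yes".
    return opts.get("passwordauthentication", "yes").lower() == "yes"
```

Because the first value wins, the `Host *` defaults belong at the end of the file, as in the sample. This only covers what the client offers; which methods are accepted is decided by the server's own configuration.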