
| Subject: | Re: Using RSA key _and_ password |
|---|---|
| Date: | Tue, 6 Jun 2006 11:23:25 -0700 |
He is trying to get OpenSSH to enforce two factor authentication from the server end.
1) Something you have (Private Key)
   o Provided by the key challenge that has been described.
2) Something you know (Password)
   o Asked for via the password authentication feature.
The issue is having the server require both authentication methods. Not just one.
Now the private key could be encrypted with a passphrase to get the two factor, but this is not enforceable at the server. There is nothing that the server can do to enforce that the private key (which the server never sees) is always encrypted with a non-null passphrase.
Hi Alex,
OpenSSH should be able to do this. From the man pages:
"As a second authentication method, ssh supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems where encryption and decryption are done using separate keys, and it is not possible to derive the decryption key from the encryption key. RSA is one such system. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key.
The file $HOME/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The server checks if this key is permitted, and if so, sends the user (actually the ssh program running on behalf of the user) a challenge, a random number, encrypted by the user's public key. The challenge can only be decrypted using the proper private key. The user's client then decrypts the challenge using the private key, proving that he/she knows the private key but without disclosing it to the server."
If you can't solve your problems, post the specific problem you are encountering.
Sven
On Fri, 2 Jun 2006 16:14:56 -0400, "Alex Perematko" <alexp@novator.com> said:
> Hi,
>
> I'd appreciate if somebody could suggest me how to configure OpenSSH to
> require RSA key _and_ password to authenticate a user.
> This feature exists in SSH.COM ssh, but I was unable to configure it in
> OpenSSH.
> If this can not be done at the moment, does anybody know what it takes
> to convince ($$ or otherwise) OpenSSH development team to add this feature?
>
> Alex
>
--
Sven Édouard
sven_edouard@fastmail.co.uk
--
And, did Guloka think the Ulus were too ugly to save?
-Centauri
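
OpenSSH 6.2 and later, released after this thread, added an `AuthenticationMethods` keyword to sshd_config, so the server itself can demand both factors discussed above, for example `AuthenticationMethods publickey,password`. The following is an added example, not part of any message in the thread: it reads `sshd -T` style output and confirms that no listed alternative completes with a single factor. The function names and sample settings are constructed for illustration.

```python
# Added example, not from the thread. Input is assumed to be the text printed
# by `sshd -T` (effective settings, one "keyword value..." pair per line).

def auth_alternatives(config_text):
    """Return AuthenticationMethods as a list of method lists ([] if unset or 'any')."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts and parts[0].lower() == "authenticationmethods":
            # sshd keeps the first value it obtains for a keyword.
            values = [p.lower() for p in parts[1:]]
            if values == ["any"]:
                return []  # 'any' means a single successful method is enough
            # Space separates alternatives; commas join methods that must ALL succeed.
            return [alt.split(",") for alt in values]
    return []


def weak_alternatives(config_text, second_factor=("password",)):
    """List the alternatives that can complete without both a key and a password."""
    weak = []
    for methods in auth_alternatives(config_text):
        # Entries such as "keyboard-interactive:pam" carry a sub-method after ':'.
        names = {m.split(":", 1)[0] for m in methods}
        if "publickey" not in names or not names.intersection(second_factor):
            weak.append(",".join(methods))
    return weak


def requires_key_and_password(config_text):
    """True only if every way of completing authentication needs both factors."""
    return bool(auth_alternatives(config_text)) and not weak_alternatives(config_text)


# Constructed sample settings (not taken from a real host).
ENFORCED = "pubkeyauthentication yes\npasswordauthentication yes\nauthenticationmethods publickey,password\n"
BYPASS = "authenticationmethods publickey,password publickey\n"  # second list is key-only
DEFAULT = "pubkeyauthentication yes\nauthenticationmethods any\n"

if __name__ == "__main__":
    for label, text in (("enforced", ENFORCED), ("bypass", BYPASS), ("default", DEFAULT)):
        print(label, requires_key_and_password(text), weak_alternatives(text))
```

The `BYPASS` case shows why the whole value must be checked: any one space-separated list is sufficient for login, so a trailing `publickey` alternative quietly restores single-factor access.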