>>>>> "Keith" == Keith Lofstrom <kei...@gate.kl-ic.com> writes:
Keith> Question? Without getting into incompetence, impersonation,
Keith> man-in-the-middle, drugs and pipe wrenches ...

Keith> I have a friend in another state who I want to give ssh access
Keith> to on one of my machines. If I understand ssh key exchange,

Keith> 1) he makes a private/public key pair for openssh
Keith> 1a) using a recent Linux, of course
Keith> 2) he sends me the public key over the unencrypted internet
Keith> 3) I put it in the .ssh/authorized_keys2 in his user directory

Keith> ... and we are probably good to go, yes? Not perfect security,
Keith> but enough, I hope, to irritate a typical national spy agency.

Keith> If necessary, we can escalate the complexity of the transfer,
Keith> (key encoded in carrier pigeon DNA - sequence DNA, eat bird)
Keith> but complication is insecure in its own way.

The main thing is that you are sure you have the right public key.
So, you could pipe the public key through sha512sum or something and
recite the hash over the phone to be sure it's the same at both ends.

The public key doesn't need to be secret. Although, theoretically a
national spy agency might have a big dictionary where they can look up
the key pair by the public key.

Also, build a continuous radar detector, so you can figure out when
your "implant" is being illuminated and re-radiating your secrets.

-- 
Russell Senior, President
russ...@personaltelco.net
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
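
The hash check suggested in the reply above, as an added example that is not part of the original message. The function names and file arguments are assumptions. Both ends run key_digest, which hashes only the key type and base64 blob so that a comment or line ending rewritten in transit does not cause a false mismatch.

```shell
#!/bin/sh
# Added example: verify a public key that arrived over an untrusted channel
# before installing it. Function names and paths here are hypothetical.

# Print the first line of FILE that looks like an OpenSSH public key,
# with CR characters (added by some mail clients) stripped.
key_line() {
    tr -d '\r' < "$1" |
        awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { print; exit }'
}

# Print the SHA-512 (hex) of "keytype base64blob". The comment field is
# ignored. Fails if FILE contains no key line, so an empty or truncated
# attachment is never hashed as if it were a key.
key_digest() {
    line=$(key_line "$1")
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | awk '{ printf "%s %s\n", $1, $2 }' |
        sha512sum | cut -d' ' -f1
}

# install_verified_key KEYFILE EXPECTED_HEX AUTHORIZED_KEYS
# Appends the key only when its digest equals the one recited over the phone.
install_verified_key() {
    keyfile=$1; expected=$2; auth=$3
    actual=$(key_digest "$keyfile") || {
        echo "no public key found in $keyfile" >&2
        return 1
    }
    # Normalise the spoken hash: lower-case, no spaces or colons.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f' | tr -d ' :\n')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: not installing $keyfile" >&2
        return 1
    fi
    key_line "$keyfile" >> "$auth"
    chmod 600 "$auth"
}

# Sender:   key_digest ~/.ssh/id_ed25519.pub      (read the output aloud)
# Receiver: install_verified_key received.pub "<hash heard on the phone>" \
#               /home/friend/.ssh/authorized_keys2
```
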