> On Jul 1, 2020, at 8:24 AM, Nikos Mavrogiannopoulos wrote:
>
> On Tue, Jun 30, 2020 at 8:09 PM Aris Adamantiadis wrote:
>>
>> Hi Felipe,
>>
>> In SSH, all authentication schemes are signature-based. Specifically
>> user authentication is based on signing the master hash that's derived
>> f
> On Jul 1, 2020, at 08:25, Nikos Mavrogiannopoulos wrote:
>
> On Tue, Jun 30, 2020 at 8:09 PM Aris Adamantiadis wrote:
>>
>> Hi Felipe,
>>
>> In SSH, all authentication schemes are signature-based. Specifically
>> user authentication is based on signing the master hash that's derived
>> f
On Tue, Jun 30, 2020 at 8:09 PM Aris Adamantiadis wrote:
>
> Hi Felipe,
>
> In SSH, all authentication schemes are signature-based. Specifically
> user authentication is based on signing the master hash that's derived
> from key exchange (i.e. everything that was shared by peers + shared
> secret)
> On Jul 1, 2020, at 02:15, Nikos Mavrogiannopoulos wrote:
>
> On Tue, Jun 30, 2020 at 1:59 AM Felipe Gasper
> wrote:
>>
>> Hello,
>>
>>I want to rig up a simple authentication based on SSH keys but over a
>> preexisting TLS connection.
>>
>>Since TLS already handles the
On Tue, Jun 30, 2020 at 1:59 AM Felipe Gasper wrote:
>
> Hello,
>
> I want to rig up a simple authentication based on SSH keys but over a
> preexisting TLS connection.
>
> Since TLS already handles the encryption, would the authentication be
> as simple as verifying a decode of a
It’s very rough, but:
https://gist.github.com/FGasper/4fb5b702489b9eb12c2133e9da5c5beb
-FG
> On Jun 30, 2020, at 3:40 PM, Alberto Garcia wrote:
>
> Hi,
> Can you share that code to take a look at it?
>
> Thanks
>
> On Tue, Jun 30, 2020 at 11:28 AM Felipe Gasper
> wrote:
> Hi Aris,
>
> I
Hi,
Can you share that code to take a look at it?
Thanks
On Tue, Jun 30, 2020 at 11:28 AM Felipe Gasper
wrote:
> Hi Aris,
>
> I got a proof-of-concept up of a workflow that uses libssh to do key
> exchange and then public key authn on preexisting sockets, then drops the
> SSH session entirely,
Hi Aris,
Sounds like SSH over preexisting sockets would indeed be the safer path!
Thank you.
-FG
> On Jun 30, 2020, at 2:59 PM, Aris Adamantiadis wrote:
>
> Hi Felipe
>
> Your protocol is vulnerable to active replay attack, for instance the server
> (or attacker with stolen
Hi Felipe
Your protocol is vulnerable to active replay attack, for instance the
server (or attacker with stolen TLS cert) could abuse the secrets it
sends to the client to authenticate on your behalf on a third party SSH
server. Client connects to server, server connects to SSH server, server
Hi Aris,
I got a proof-of-concept up of a workflow that uses libssh to do key exchange
and then public key authn on preexisting sockets, then drops the SSH session
entirely, leaving the preexisting sockets up. That may be what we end up doing.
It would be much simpler just to do:
- Server send
Hi Felipe,
In SSH, all authentication schemes are signature-based. Specifically
user authentication is based on signing the master hash that's derived
from key exchange (i.e. everything that was shared by peers + shared
secret). SSH ensures that the authentication is safe because it's
impossi
Hello,
I want to rig up a simple authentication based on SSH keys but over a
preexisting TLS connection.
Since TLS already handles the encryption, would the authentication be
as simple as verifying a decode of a string that the public key encodes?
Is there any prior art
12 matches
Mail list logo
