"Noel L Yap" <[EMAIL PROTECTED]> writes: > OK, I've read this, but since I'm a bit of a newbie, I have a couple of > questions: > 1. Can the SRP authentication be used to authenticate the client to the host > without the use of assymetric keys? I understand that this may not be as secure > (since passwords generally have less entropy than keys), but in some situations, > the convenience is worth the risk. Yes. One way to look at SRP is to view it like a assymetric system where the user's private key is derived from a password. But the host-authentication part of it really uses the verifier as a shared (symmetric) secret. > 2. What effects would such a change have on ssh-agent and ssh-add? You would either have to type the SRP password each time, or tell the agent about it. Or just get the hostkey and use the traditional host- and userauthentication mechanisms in ssh. Note that LSH doesn't (yet) have anything like ssh-agent or ssh-add. I'm expecting the gateway feature (once that is implemented) to be able to replace aah-agent in many cases. See http://www.lysator.liu.se/~nisse/lsh/doc/gateway-mode.txt for some ideas about that. /Niels