On Fri, Aug 24, 2001 at 11:12:11PM -0600, Hubert Chan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> >>>>> "Peter" == Peter Cordes <[EMAIL PROTECTED]> writes:
>
> Peter> It is secure when you have put the public key on the remote
> Peter> machine already. SSH is only vulnerable to man-in-the-middle when
> Peter> you first connect to a host, and accept the host-key.
>
> Don't you mean "when you have put the public key on the *local* machine
> already"? i.e. you have a local copy of the server's public key?
> AFAIK, putting a copy of your personal public key on the server doesn't
> really gain you much.

Oops, I forgot that the remote side can't authenticate themselves to you by
proving they have the other half of your RSA key, since it is not secret. If
both halves were secret, I think each side could verify that the other side
had the matching key. This isn't how ssh does things, though.

-- 
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack my day
so wretchedly into small pieces!" -- Plautus, 200 BCE
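
The check the thread is describing, as an added example that is not part of the original e-mails: a host key presented by a server is compared with the local copy in a known_hosts file, and only a host with no local copy leaves the first-connect decision open. The host names, key blobs and function names are constructed for illustration, and matching per host and key type is a simplification of what OpenSSH does.

```python
import base64
import hashlib

# Constructed sample data: well-formed ssh-ed25519 blobs with placeholder key bytes.
_PREFIX = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
PINNED_BLOB = base64.b64encode(_PREFIX + b"A" * 32).decode()
OTHER_BLOB = base64.b64encode(_PREFIX + b"B" * 32).decode()
KNOWN_HOSTS = f"""# constructed known_hosts content
server.example.org,192.0.2.10 ssh-ed25519 {PINNED_BLOB}
"""

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_known_hosts(text):
    """Map (host, keytype) -> set of key blobs from plain known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if not line or line.startswith(("#", "@", "|")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            pinned.setdefault((host, keytype), set()).add(blob)
    return pinned

def check_host_key(pinned, host, keytype, blob):
    """Classify a key the server presented: 'match', 'mismatch' or 'unknown'."""
    blobs = pinned.get((host, keytype))
    if not blobs:
        return "unknown"    # first connect: no local copy to compare against
    if blob in blobs:
        return "match"      # server holds the key we already have locally
    return "mismatch"       # local copy exists and the presented key differs

if __name__ == "__main__":
    pinned = load_known_hosts(KNOWN_HOSTS)
    for host, blob in [("server.example.org", PINNED_BLOB),
                       ("server.example.org", OTHER_BLOB),
                       ("new.example.org", OTHER_BLOB)]:
        print(host, fingerprint(blob), check_host_key(pinned, host, "ssh-ed25519", blob))
```

For an "unknown" result, the fingerprint printed here is what would be compared against one obtained from the server's administrator over a separate channel before the key is accepted.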