Server A and B are set up for autoSSH.

I am on ServerA (y.y.y.y) and am accessing ServerB.

I understand that A's public key is stored on B and is used by B to encrypt the challenge to A when A connects. A then uses its private key to decrypt the challenge.

When Server A SSHes to B, I saw this in the /var/adm/message on B:

Jul 10 10:04:25 serverB sshd[7703]: [ID 800047 auth.info] Accepted publickey for oracle from y.y.y.y port 50910 ssh2

q1) Why is A sending its public key to B? I thought B should be the one sending the public key challenge?

  • It's just saying that the publickey for oracle on A is accepted as authentication.
    – wurtel
    Commented Jul 10, 2015 at 11:05

1 Answer

a1) Public key authentication can work in two phases (as described in [RFC4252]). The first one is of the "MAY" type: the message contains the public key, so that the server can verify that the user is allowed to access this account with this key. This is done to avoid unnecessary processing and user interaction, especially when you send your public keys to every server where you haven't set up passwordless authentication.

Your description is step 2, which continues if the first one succeeds (in most client implementations). The first one is not sufficient, since it doesn't prove possession of the private key (that is proved by the signature of the challenge).

[RFC4252] https://www.ietf.org/rfc/rfc4252.txt
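The two phases described in the answer above, as an added Go sketch that is not part of the original post or of any SSH implementation: phase 1 only asks whether the offered key is authorized for the account, and phase 2 verifies a signature over the RFC 4252 section 7 data. The function names, the ed25519 key type, the map standing in for `authorized_keys`, the session id value and the unwrapped raw signature are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// sshString encodes an RFC 4251 "string": big-endian uint32 length, then the bytes.
func sshString(b []byte) []byte {
	n := []byte{byte(len(b) >> 24), byte(len(b) >> 16), byte(len(b) >> 8), byte(len(b))}
	return append(n, b...)
}

// keyBlob builds the ssh-ed25519 public key blob that the client sends in both phases.
func keyBlob(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

// signedData is what the client signs in phase 2 (RFC 4252 section 7).
func signedData(sessionID []byte, user string, blob []byte) []byte {
	var b bytes.Buffer
	b.Write(sshString(sessionID)) // ties the signature to this one session
	b.WriteByte(50)               // SSH_MSG_USERAUTH_REQUEST
	for _, s := range []string{user, "ssh-connection", "publickey"} {
		b.Write(sshString([]byte(s)))
	}
	b.WriteByte(1) // TRUE: a signature accompanies this request
	b.Write(sshString([]byte("ssh-ed25519")))
	b.Write(sshString(blob))
	return b.Bytes()
}

// phase1 answers the key-only query (PK_OK or failure); it proves nothing about the private key.
func phase1(authorized map[string]bool, blob []byte) bool { return authorized[string(blob)] }

// phase2 authenticates: the key must be authorized AND the signature must verify.
func phase2(authorized map[string]bool, sessionID []byte, user string, pub ed25519.PublicKey, sig []byte) bool {
	return phase1(authorized, keyBlob(pub)) && ed25519.Verify(pub, signedData(sessionID, user, keyBlob(pub)), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)            // constructed key pair for the demo
	auth := map[string]bool{string(keyBlob(pub)): true} // stands in for authorized_keys
	sid := []byte("constructed-session-id")             // assumption: normally set by key exchange
	sig := ed25519.Sign(priv, signedData(sid, "oracle", keyBlob(pub)))
	fmt.Println("phase 1, key acceptable:", phase1(auth, keyBlob(pub)))
	fmt.Println("phase 2, authenticated: ", phase2(auth, sid, "oracle", pub, sig))
}
```

Because the session identifier and user name are inside the signed data, a signature captured from one session or made for one account does not verify for another.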
