Cryptography Reference
Subject:
    C=CH, ST=Vaud, L=Lausanne, O=EPFL,
    CN=imapwww.epfl.ch
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
        Modulus (1024 bit):
            00:da:33:16:c5:8b:30:e5:f8:be:4d:43:68:02:e3:
            e4:0e:09:35:72:f4:72:0a:fd:71:6c:79:08:e5:a8:
            31:44:00:f8:e4:72:b1:23:83:6b:b4:f2:85:54:75:
            c7:1e:a0:53:e1:10:b5:e6:85:8a:67:ec:8e:5e:5c:
            6f:c6:b5:95:a0:55:3f:c0:45:8e:54:19:78:6e:40:
            3d:ae:01:55:1c:31:fc:d4:e3:3a:9f:47:a8:6c:25:
            47:f9:87:d5:ab:dc:0b:e3:71:a7:44:03:97:55:86:
            46:d0:48:11:b5:bb:90:fd:d4:c7:25:3b:98:83:20:
            9a:b5:ae:34:23:b8:43:12:71
        Exponent: 65537 (0x10001)
Figure 12.4. Certificate for a secure IMAP server (subject part).
based on SSH and a popular open source variant based on the OpenSSH library.[1]
The Linux community is familiar with the ssh command (still for remote login) and
the scp command (for remote file transfer), since system administrators tend to close
all communication ports but the one used by these commands.
12.2.1 Principles of SSH
The principle of SSH is to implement secure (i.e. confidential and authenticated)
communication channels in a client-server session. The philosophy of SSH was originally
to be user-friendly (ssh had to be used exactly like rlogin), ready to use without
any complicated installation, and to be deployed easily. The counterpart was that the
security level was not so high, although higher than what was used before. The new
release of SSH (known as SSH2) uses public-key infrastructures in order to authenticate
servers. This is typically heavy stuff, but the user can easily bypass it: he just has
to click “OK” anytime there is a security warning.
When a client wishes to connect to a server, the server sends its public key together
with a certificate (if available). The first connection is critical: either the client is able
to strongly authenticate the public key, e.g. by checking a certificate or having the
user check the public-key fingerprint, or the client has to trust that the public key is
correct. Then the client stores the public key in a file (typically, .ssh/known_hosts).
Assuming that this first connection is OK, all future connections to the same server
should be secure by comparing the received key with the correct public key from this
file. The underlying assumption is that this file has integrity protection. If the key does
[1] See http://www.ssh.com and http://www.openssh.org.
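The first-connection and later-connection checks described above can be sketched as follows. This is an added example, not code from the book or from OpenSSH. The function names, host names and key blobs are constructed for illustration, and the store is simplified to one key per host with unhashed host names.

```python
import base64
import hashlib
import struct


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map host -> (key type, key blob); one key per host (simplification)."""
    store = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed host names (out of scope here).
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            store[host] = (fields[1], base64.b64decode(fields[2]))
    return store


def check_host_key(store, host, key_type, key_blob, confirmed_fp=None):
    """Return 'match', 'changed', 'added' or 'unverified'."""
    known = store.get(host)
    if known is not None:
        # Later connections: security rests on the stored key being intact.
        return "match" if known == (key_type, key_blob) else "changed"
    # First connection: pin the key only if the user confirmed its fingerprint
    # through another channel; otherwise the key is merely trusted, not verified.
    if confirmed_fp is not None and confirmed_fp == fingerprint(key_blob):
        store[host] = (key_type, key_blob)
        return "added"
    return "unverified"


def constructed_blob(fill: int) -> bytes:
    """Constructed sample blob in SSH wire layout (not a real key)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32


GOOD, OTHER = constructed_blob(0x11), constructed_blob(0x22)
SAMPLE_KNOWN_HOSTS = (
    "# constructed sample entry\n"
    "imap.example.org,192.0.2.10 ssh-ed25519 " + base64.b64encode(GOOD).decode() + "\n"
)

if __name__ == "__main__":
    store = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(check_host_key(store, "imap.example.org", "ssh-ed25519", OTHER))
```

A "changed" result is the case a client should refuse rather than let the user click through, and "unverified" marks a first connection where the key was accepted on trust alone.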