[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OFF-TOPIC: SSH authn over TLS?
[Thread Prev] | [Thread Next]
- Subject: Re: OFF-TOPIC: SSH authn over TLS?
- From: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 1 Jul 2020 14:24:06 +0200
- To: libssh@xxxxxxxxxx
On Tue, Jun 30, 2020 at 8:09 PM Aris Adamantiadis <aris@xxxxxxxxxx> wrote: > > Hi Felipe, > > In SSH, all authentication schemes are signature-based. Specifically > user authentication is based on signing the master hash that's derived > from key exchange (i.e. everything that was shared by peers + shared > secret). SSH ensures that the authentication is safe because it's > impossible for either party to replay or precompute that hash. I don't > think TLS would let you extract or derive secrets based on the session's > secret. I'm not sure how you intend to use them, but to enable your reasoning, you can derive secrets based on the session keys using the rfc5705 exporters. I believe the exporters are supported by most implementations. regards, Nikos
| Re: OFF-TOPIC: SSH authn over TLS? | Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> |
| Re: OFF-TOPIC: SSH authn over TLS? | Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> |