[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OFF-TOPIC: SSH authn over TLS?
[Thread Prev] | [Thread Next]
- Subject: Re: OFF-TOPIC: SSH authn over TLS?
- From: Felipe Gasper <felipe@xxxxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 1 Jul 2020 10:02:40 -0400
- To: libssh@xxxxxxxxxx
> On Jul 1, 2020, at 08:25, Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> wrote: > > On Tue, Jun 30, 2020 at 8:09 PM Aris Adamantiadis <aris@xxxxxxxxxx> wrote: >> >> Hi Felipe, >> >> In SSH, all authentication schemes are signature-based. Specifically >> user authentication is based on signing the master hash that's derived >> from key exchange (i.e. everything that was shared by peers + shared >> secret). SSH ensures that the authentication is safe because it's >> impossible for either party to replay or precompute that hash. I don't >> think TLS would let you extract or derive secrets based on the session's >> secret. > > I'm not sure how you intend to use them, but to enable your reasoning, > you can derive secrets based on the session keys using the rfc5705 > exporters. I believe the exporters are supported by most > implementations. Ah! This might be useful if it serves the same purpose as the session ID in the SSH authn. I’ll play with this .. thank you! -F
| Re: OFF-TOPIC: SSH authn over TLS? | Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> |