IETF-SSH archive


Re: Relationship between user name and public key pair in Authentication Protocol



Hi, Bill:

For the sake of the "public" nature of a public key, it will not be secure
if several users share the same public key pair. Even if the server tries
its best to keep it secret, the user may disclose the public key
casually. So, it's necessary to ensure the public key pair is unique.
If the server finds a user is registering an existing public key, it shall
refuse the registration and invalidate the existing one. Can it work?

Regards
Miao


-----Original Message-----
From: ietf-ssh-owner%netbsd.org@localhost [mailto:ietf-ssh-owner%netbsd.org@localhost] On Behalf Of Bill Sommerfeld
Sent: March 20, 2003 5:54
To: Miao Fuyou
Cc: ylo%ssh.com@localhost; kivinen%ssh.com@localhost; ietf-ssh%netbsd.org@localhost
Subject: Re: Relationship between user name and public key pair in
Authentication Protocol


Existing implementations allow an m:n relationship between user keys and
user names; the client specifies the target user id and a key, and the
server consults a per-target-user acl (typically a file named something
like .ssh/authorized_keys in the target user's home directory) which
lists keys allowed to log in as the given target user.

Nothing prevents the same key from appearing on multiple acls, but it's
an unusual configuration.


					- Bill
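
Because the ACLs described above are kept per target user, finding a key that sits on more than one of them means comparing key blobs across every user's file. The following is an added example, not part of either message: it parses authorized_keys text (including a leading options field) and reports keys listed for more than one user. The user names, key blobs and function names are constructed for illustration.

```python
import base64, hashlib, re, struct
from collections import defaultdict

# A key-type token followed by a base64 blob; options may precede it.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})")

def parse_key(line):
    """Return (key_type, blob) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    for m in KEY_RE.finditer(line):
        ktype, b64 = m.groups()
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A real blob begins with a length-prefixed copy of the key type.
        if len(blob) >= 4 and blob[4:4 + struct.unpack(">I", blob[:4])[0]] == ktype.encode():
            return ktype, blob
    return None

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of the raw key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def shared_keys(acls):
    """acls maps user -> authorized_keys text; return keys listed for >1 user."""
    owners = defaultdict(set)
    for user, text in acls.items():
        for line in text.splitlines():
            parsed = parse_key(line)
            if parsed:
                owners[fingerprint(parsed[1])].add(user)
    return {fp: sorted(users) for fp, users in owners.items() if len(users) > 1}

def fake_key(fill):  # constructed ed25519-shaped blob, not a real key
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

K1, K2 = fake_key(1), fake_key(2)
SAMPLE_ACLS = {  # constructed sample: K1 appears on two users' ACLs
    "alice": f"# laptop\n{K1} alice@laptop\n",
    "bob": f'command="/usr/bin/backup",no-pty {K1} shared-backup\n{K2} bob@desk\n',
    "carol": f"{K2[:-6]} truncated-entry\n",  # malformed blob, ignored
}
if __name__ == "__main__":
    print(shared_keys(SAMPLE_ACLS))
```

Comparing fingerprints of the decoded blob, rather than whole lines, catches the same key even when the options or comment fields differ between files.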




