Papers     Last modified: 08/27/03 11:56:50 AM

Y. Ali, S.W. Smith
Flexible and Scalable Public Key Security for SSH.
Technical Report TR2003-441, Department of Computer Science, Dartmouth College.
February 2003.


A standard tool for secure remote access, the SSH protocol uses public-key cryptography to establish an encrypted and integrity-protected channel with a remote server. However, the protocol as widely deployed is vulnerable to man-in-the-middle attacks, where an adversary substitutes her public key for the server's. This danger particularly threatens a traveling user Bob borrowing a client machine.

Imposing a traditional X.509 PKI on all SSH servers and clients is neither flexible (do appropriate CAs and RAs exist for all machines running ssh daemons?) nor scalable (e.g., a universal root must exist and be built into SSH clients before Bob's problem is solved).

This paper presents an alternative scheme that solves the public-key security problem in SSH without requiring such an a priori universal trust structure.




Maintained by Sean Smith,