In line with this question... if you have a large number of hosts, and a large number of users who service these hosts, how do you set the private keys for these hosts en masse across the users who connect to them with PuTTY, so that you don't have to risk the 'trust of first use' attacks?

I'm sure it probably has something to do with PuTTY agent, but I'm uncertain what needs to be done.

leeand00
  • I'm confused, talking about private keys with putty makes it sound like you're talking about the client's authentication key, but "trust on first use" only relates to the host's authentication key. Are you talking about the host's public key (in which case this seems the same as the other question) or the client's private key (in which case trust on first use is irrelevant)? – AndrolGenhald Dec 11 '18 at 20:03
  • wrt SSH CA and Putty, according to [this](https://superuser.com/q/1234846) you may be out of luck, but there may be alternative clients that support it. – AndrolGenhald Dec 11 '18 at 20:05
  • I am similarly confused. You should be configuring the host key during a deployment process so SSH only auths via certs. If you're turning on certificate auth on deployed servers, it sounds like it should be done from a console session if you're concerned about those types of attacks. – thepip3r Dec 11 '18 at 20:47
  • Is the authentication key the public key? @AndrolGenhald yeah, it's the same question but for using putty on Windows. – leeand00 Dec 11 '18 at 22:55
  • @leeand00 Public and private "keys" are actually each half of a single key. For ssh the client has a "keypair" that authenticates it to the server, and the server has a keypair that authenticates it to the client. Private keys are used to create a signature, and public keys can validate the signature. You may find [this question](https://security.stackexchange.com/q/23227) useful to learn a bit more about how ssh works. Reading up on [asymmetric cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) may also be useful. – AndrolGenhald Dec 11 '18 at 23:10
  • @AndrolGenhald I always understood it as a lock and key... the lock is public like on a door, and a private key is on your person. Maybe I'm misunderstanding that. – leeand00 Dec 11 '18 at 23:34

0 Answers