sshd brute force attempts?

[Chuck Swiger]

On Sep 19, 2006, at 3:38 PM, Darrin Chandler wrote:
> I think this isn't needed, and is somewhat silly. Like all (decent)
> implementations of pubkey, the key is only used to authenticate and
> exchange a symetric session key. So the pubkey sees little actual use,
> compared with the session key.
>
> Anyone who knows better please correct me.

That's about right.  The (typical) 1024-bit RSA or DSA keypair is  
only used during the initial authentication stage; the symmetric  
authentication negotiated during the initial phase (typically 128-bit  
3DES, or now AES128 or AES256) is used for the rest of the connection.

SSHv2 protocol does an initial negotiation to figure out the best  
symmetric encryption and message-digest algorithm that both sides  
support (SSH2_MSG_KEXINIT), they then perform a Diffie-Helman group  
exchange (see RFC-4419, describing the SSH2_MSG_KEX_DH_GEX_REQUEST  
stage) to negotiate a shared secret which is signed by the host key  
of the server in order to provide reasonably strong host-based  
authentication.

Only if that passes (ie, the client tests the signature using the  
public host key for the server), do the sides proceed to do user  
authentication via the SSH2_MSG_NEWKEYS stage, where the client uses  
the user's private key to sign the shared secret (well, actually, an  
"exchange hash" containing the shared secret and other things like  
the version # strings as well as the host key), which the server then  
checks to see is valid by using the public key of that user (ie, in  
~/.ssh/authorized_keys) to decrypt and compare with the shared secret  
("exchange hash") they negotiated in the first stage.

The full gory details are in RFC-4253 & 4254.

-- 
-Chuck