"Mutuality" of public key authentication



  • I'm a newbie when it comes to cryptographic security, but there's something I'm not quite getting concerning the "mutual" aspect of public key authentication.

    Say you have a client X, and that client X needs to establish a secure SSH FTP connection to a server Y. To do so in a safe way, you create a keypair on your local machine using ssh-keygen, store the private key on the server making the request ("client"), and the public key V on the server Y, for the user Z.

    You now connect via SSH FTP from the client X, by sending the public key V to the server Y, using the user Z. What I do not get is how this authentication is mutual? If for example an attacker gets access to the public key V, can't he spoof the server Y's IP with that public key V, and then intercept the traffic and retrieve all the unencrypted data from client X?

    Or does public key authentication always also use the same process in reverse, meaning that the client first makes the request using the public key stored on the server, the server authenticates the signature, and then the client authenticates the answer from the server, with a signature which is computed with a private key on the server-side only?

    As an example, I'm using https://phpseclib.com/docs/auth/#public-key , but I don't see the mutual step in it. Is it actually on me to do the mutual step, e.g. by using https://api.phpseclib.com/master/phpseclib3/Net/SSH2.html#method_getServerPublicHostKey to verify the SSH fingerprint upon every connection ?

    Basically, I'm just not getting how traffic using public key authentication is not vulnerable to traffic interecption if an attacker has access to the server's public key and spoofs / impersonates that server's IP.



  • Basically, I'm just not getting how traffic using public key authentication is not vulnerable to traffic interecption if an attacker has access to the server's public key and spoofs / impersonates that server's IP.

    Because, in order to spoof the server, the attacker would also need the private key that corresponds with the public key.

    See https://security.stackexchange.com/questions/105376/could-a-stolen-certificate-show-as-trusted for more info.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2