EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to check whether the SSH client is using GSSAPI-Key-exchange?

#29064
Posted: 04/01/2014 07:27:43
by Venkat k (Basic support level)
Joined: 02/13/2014
Posts: 15

Hi,
It seems there is no option equivalent to ssh -vvv to check the details. How can I verify whether the SSH client is using GSSAPI-Key-Exchange for authentication?

Our Security expert wants to know which method is being used for authentication. Is there any way I can check this?

Regards
#29065
Posted: 04/01/2014 07:32:14
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You can check TElSimpleSSHClient.KexAlgorithm property after a connection is established.
#29080
Posted: 04/02/2014 05:42:39
by Venkat k (Basic support level)
Joined: 02/13/2014
Posts: 15

As I am setting the property, I will get the same, but that cannot be used to convince others. Is there any way I can test to confirm the GSSAPI-key-exchange is used?

Regards,
Venkat
#29081
Posted: 04/02/2014 05:47:44
by Eugene Mayevski (EldoS Corp.)

What do you mean by "convince others"? Convincing anybody is nonsense; if they don't trust the code, they should conduct a security audit of the source code that will show how the property is set and how the algorithm is identified.


Sincerely yours
Eugene Mayevski
#29082
Posted: 04/02/2014 05:48:39
by Vsevolod Ievgiienko (EldoS Corp.)

Another way is to handle TElSimpleSSHClient.OnAuthentication* events. You can check if GSSAPI is supported by the server inside OnAuthenticationStart and then check if it's used using the OnAuthenticationAttempt and OnAuthenticationSuccess/OnAuthenticationFailed events.
#29104
Posted: 04/03/2014 04:06:51
by Venkat k (Basic support level)
Joined: 02/13/2014
Posts: 15

Hi,
#Eugene Mayevski,
>>if they don't trust the code, they should conduct security audit of the source code

The question is not about my code, which can be audited easily. Forget about others; how do I know whether the library is using GSSAPI-Key-exchange? Setting the property is not good enough proof. Your statement is correct if I have the source code of the library. Since we don't have the source code of the library, I would like to know from the verbose output of the server about the key-exchange or not. Does this make sense now?

#Vsevolod Ievgiienko,
Thanks for your suggestion, but here again I get the parameters, but nothing from the server output.

Regards,
Venkat
#29105
Posted: 04/03/2014 04:25:25
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
I would like to know from the verbose output of the server about the key-exchange or not.

The component doesn't allow producing such output, sorry. You can force debug logging on the server side, if it's possible, to check whether a client really uses the needed parameters.
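
The server-side check suggested above, as an added example that is not part of the original thread or of EldoS code: it assumes an OpenSSH-style sshd logging at debug level (the thread does not name the server), and the log lines are constructed samples. It reports the negotiated key exchange separately from the user-authentication method, because RFC 4462 reserves the `gss-` prefix for GSS-API key exchange names, while `gssapi-with-mic` authentication can succeed over a non-GSS key exchange.

```python
import re

# Assumed OpenSSH-style message formats; adjust the patterns for other servers.
PID_RE = re.compile(r"sshd\[(\d+)\]: (.*)")
KEX_RE = re.compile(r"kex: algorithm: (\S+)")
AUTH_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port (\d+)")

GSS_AUTH_METHODS = {"gssapi-keyex", "gssapi-with-mic"}

# Constructed sample log lines (host, users, PIDs and addresses are made up).
SAMPLE_LOG = """\
Apr  3 04:30:01 srv sshd[4211]: debug1: kex: algorithm: gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g== [preauth]
Apr  3 04:30:02 srv sshd[4211]: Accepted gssapi-keyex for alice from 192.0.2.10 port 50422 ssh2
Apr  3 04:31:10 srv sshd[4302]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Apr  3 04:31:11 srv sshd[4302]: Accepted gssapi-with-mic for bob from 192.0.2.11 port 50977 ssh2
Apr  3 04:32:00 srv sshd[4390]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Apr  3 04:32:01 srv sshd[4390]: Accepted password for carol from 192.0.2.12 port 51003 ssh2
""".splitlines()


def audit(lines):
    """Group sshd messages by PID and report, per session, the negotiated
    key exchange algorithm and the accepted user-authentication method."""
    sessions = {}
    for line in lines:
        m = PID_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"kex": None, "auth": None, "user": None})
        kex = KEX_RE.search(msg)
        auth = AUTH_RE.search(msg)
        if kex:
            s["kex"] = kex.group(1)
        elif auth:
            s["auth"], s["user"] = auth.group(1), auth.group(2)
    for s in sessions.values():
        # RFC 4462: key exchange method names starting with "gss-" are GSS-API kex.
        s["gss_kex"] = bool(s["kex"]) and s["kex"].startswith("gss-")
        s["gss_auth"] = s["auth"] in GSS_AUTH_METHODS
    return sessions


if __name__ == "__main__":
    for pid, s in audit(SAMPLE_LOG).items():
        print(pid, s["user"], "kex:", s["kex"], "| auth:", s["auth"],
              "| GSS kex:", s["gss_kex"], "| GSS auth:", s["gss_auth"])
```
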