Thursday, 19 March 2015

Is Diffie-Hellman key exchange the best way to securely exchange SSH keys?



I'm designing the communication mechanism for end user devices that will communicate with a row of servers. My current plan is



  1. on first run, a device will generate its own SSH key pair (RSA and 4096 bits)

  2. the device will transfer its ID and public key via HTTPS (utilizing a valid certificate) to one of the registration servers

  3. once confirmed, the device opens an SSH connection to a reg-server and receives the server's public key


Is this a valid approach, or would usage of "Server Authentication with Certificates" (DH key exchange) be the better == more secure way?
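
One check the device could apply in step 3, as an added example that is not part of the original post: compare the host key the reg-server offers over SSH with a fingerprint obtained over the already authenticated HTTPS channel of step 2, and only then write it to known_hosts. That the HTTPS response carries such a fingerprint, the host name `reg.example.test` and the function names are assumptions; the sample keys are constructed.

```python
import base64
import hashlib
import struct

def parse_pubkey_line(line):
    """Split an OpenSSH public key line ('type base64 [comment]') into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def known_hosts_entry(host, offered_line, pinned_fp):
    """Return a known_hosts line only if the offered key matches the pinned fingerprint."""
    key_type, blob = parse_pubkey_line(offered_line)
    if fingerprint(blob) != pinned_fp:
        raise ValueError("host key for %s does not match pinned fingerprint" % host)
    return "%s %s %s" % (host, key_type, base64.b64encode(blob).decode())

def constructed_key(seed):
    # Constructed sample: ssh-ed25519 wire format with 32 filler bytes, not a real key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

if __name__ == "__main__":
    genuine, other = constructed_key(1), constructed_key(2)
    # Assumption: this fingerprint arrived in the HTTPS registration response.
    pinned = fingerprint(parse_pubkey_line(genuine)[1])
    print(known_hosts_entry("reg.example.test", genuine, pinned))
    try:
        known_hosts_entry("reg.example.test", other, pinned)
    except ValueError as err:
        print("rejected:", err)
```

The returned line is meant for a known_hosts file used with `StrictHostKeyChecking=yes`, so the SSH client refuses any server whose key was not pinned this way.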




