Users are automatically given the server's DSA public key when they connect – can this behavior be disabled to increase security?
A: There is no support for this, because it wouldn’t make any sense – the purpose of the DSA key is to authenticate the server to the client, not vice versa. The client is authenticated to the server by means of the user/password combo, which is sent over the encrypted link. If you can’t trust username/password to authenticate your users, then you should reconsider your entire authentication scheme (for example, implement tighter controls over who has a password and how often they must change it). The public DSA key truly is meant to be a public key, which is made accessible to anyone who wants it so they can verify that the holder of the corresponding private key (i.e. the SafeTP proxy on your server machine) really is who it claims to be when it signs cryptographic messages during secure connection establishment. Hiding this public key wouldn’t make your setup any more secure; it would simply make it harder for legitimate users to connect and authenticate via user/password. If y