exfascist | 3 years ago

One nice thing about recent versions of SSH is that they include support for signing arbitrary messages with your ssh key. I know you're not supposed to re-use keys but there have been situations where I needed to prove my identity to people who only had my ssh public key. This would have been super useful in the past.

tialaramex | 3 years ago

The OpenSSH arbitrary signing comes with a rationale for why this is actually safe. Basically they know these keys are intended for SSH, for which they will sign messages with a particular structure, and so they can choose the structure signed for the "arbitrary data signing" feature so that the two are necessarily disjoint - so no possible "arbitrary data" signature can be confused for a "I'm signing in to this SSH server" signature, and you're at no risk.

Thus, even if you allow some adversary to literally pick the arbitrary data, when you'll sign that data and so on, your signing it cannot possibly allow them to impersonate you to an SSH server.

This is easier to pull off than the rationale for key re-use in encryption because signing opaque blobs is a neutral action your SSH client already does; if adversaries could learn your keys or whatever from seeing you sign such a blob, then SSH authentication itself would be unsafe already. In contrast, decrypting data an adversary sent to you might reveal something, especially if you can be persuaded (as happened for HTTPS with older TLS versions and most popular implementations) to tell the adversary what happened when you tried, so this will usually be dangerous, and a rationale for why it's safe must be thorough if we want non-experts to do it.
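The domain-separation argument in the comment above can be checked by building the two byte strings involved. This is an added illustration, not code from the thread or from OpenSSH: it constructs the data an SSH client signs during publickey authentication (the layout from RFC 4252 section 7) and the data `ssh-keygen -Y sign` signs (the SSHSIG layout from OpenSSH's PROTOCOL.sshsig), using constructed sample values for the session id, user name and public key, and shows that an SSHSIG blob can never parse as a userauth blob because its first six bytes are the fixed magic `SSHSIG`, whereas a userauth blob begins with a four-byte length that must be small. The `could_be_userauth` check and the 64-byte session-id bound are assumptions made for this demonstration.

```python
import hashlib
import struct

# Constructed sample values for the demonstration (not a real session or key).
SESSION_ID = bytes(range(32))          # a 32-byte SSH session identifier
SSH_MSG_USERAUTH_REQUEST = 50          # message number from RFC 4252
SSHSIG_MAGIC = b"SSHSIG"               # PROTOCOL.sshsig preamble: raw bytes, not a length-prefixed string


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string' (RFC 4251): uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def userauth_signed_data(session_id: bytes, user: bytes, service: bytes,
                         pkalg: bytes, pubkey_blob: bytes) -> bytes:
    """Bytes an SSH client signs for publickey authentication (RFC 4252 section 7)."""
    return (
        ssh_string(session_id)
        + bytes([SSH_MSG_USERAUTH_REQUEST])
        + ssh_string(user)
        + ssh_string(service)
        + ssh_string(b"publickey")
        + b"\x01"                      # boolean TRUE: a signature follows
        + ssh_string(pkalg)
        + ssh_string(pubkey_blob)
    )


def sshsig_signed_data(message: bytes, namespace: bytes, hash_alg: bytes = b"sha512") -> bytes:
    """Bytes 'ssh-keygen -Y sign' signs (PROTOCOL.sshsig): the message itself is never signed raw."""
    digest = hashlib.new(hash_alg.decode(), message).digest()
    return (
        SSHSIG_MAGIC
        + ssh_string(namespace)
        + ssh_string(b"")              # reserved field, empty
        + ssh_string(hash_alg)
        + ssh_string(digest)
    )


def leading_u32(blob: bytes) -> int:
    """The first four bytes read as a uint32 (what a userauth parser treats as the session-id length)."""
    return struct.unpack(">I", blob[:4])[0]


def could_be_userauth(blob: bytes, max_session_id_len: int = 64) -> bool:
    """Assumed parse check: a userauth blob starts with string(session_id) of plausible
    length, followed by the SSH_MSG_USERAUTH_REQUEST byte."""
    if len(blob) < 5:
        return False
    n = leading_u32(blob)
    return n <= max_session_id_len and len(blob) > 4 + n and blob[4 + n] == SSH_MSG_USERAUTH_REQUEST


def demo() -> dict:
    """Build both structures; the adversary may choose message and namespace freely."""
    ua = userauth_signed_data(SESSION_ID, b"alice", b"ssh-connection", b"ssh-ed25519", b"\x00" * 51)
    sig = sshsig_signed_data(b"attacker-chosen message", b"attacker-chosen-namespace")
    return {
        "userauth_prefix": ua[:4],
        "sshsig_prefix": sig[:4],
        "sshsig_implied_session_len": leading_u32(sig),
        "sshsig_looks_like_userauth": could_be_userauth(sig),
        "userauth_looks_like_userauth": could_be_userauth(ua),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Whatever message and namespace an adversary picks, the signed SSHSIG bytes begin with `SSHS`, which a userauth parser would read as a session-id length of 0x53534853 (about 1.4 GB), so no server accepts it as an authentication signature. The real commands are `ssh-keygen -Y sign -f <key> -n <namespace> <file>` to sign and `ssh-keygen -Y verify -f <allowed_signers> -I <identity> -n <namespace> -s <file>.sig < <file>` to verify; the namespace is what callers use to keep their own signed blobs apart from one another.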

catlifeonmars | 3 years ago

> In contrast decrypting data an adversary sent to you might reveal something, especially if you can be persuaded (as happened for HTTPS with older TLS versions and most popular implementations) to tell the adversary what happened when you tried so this will usually be dangerous and a rationale for why it's safe must be thorough if we want non-experts to do it.

What exactly happened for HTTPS with older TLS versions? Sounds like you’re alluding to some sort of oracle attack.

Reitet00 | 3 years ago

> there have been situations where I needed to prove my identity to people who only had my ssh public key

Just wondering what kind of situation this can be where someone has only your ssh public key? Usually people know each other via, say, github user names or irc handles, but ssh public keys? (genuinely curious)