On Fri, 13 Oct 2000, Rachit Siamwalla wrote:
>
> I've been using ssh for a while now (both fsecure and openssh), but am
> not an expert on security. I was wondering whether the following is
> secure:
>
> I create a key pair, trusted & trusted.pub
>
> I run sshd on a server (no telnet, rsh or other services). I create a
> user "guest", and put "trusted.pub" in my authorized file. I give away
> "trusted" (the private key) to people I trust, but let's assume for a
> moment that it is public (it's hard to enforce that "trusted" will not be
> distributed indiscriminately).

You are better off making multiple keypairs, one for each person that
you wish to give access to. This will make it easy to revoke access
to a single person.

> For the user guest, I set the shell in /etc/passwd to be my own server
> program that I make as bullet-proof as possible.

You are better off using key options in your authorized_keys
file. The syntax is:

command="your command",[options] [keydata]

e.g.:

command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1C15907A13182AEC4CF198C0B34104A146541578F5A3EB1C65776438616511AF7SRQyzSMF1gyUkEnT+O3BMmKiwnFYu/fy+eiUOYSf9AAAAFQDCkuOkBpR1XFM52lFVxEo+dfTwnQAAAIBYq/1hbl8WYMP8Cnfx8ajGnNBpd5twHwoV3V6J/owCUxSCNkXk1iv2zIOkGaWNdqDY24HXKd759bmx/0bAoKAd1GzzN8aYXgKvj9Xgyl00A7YD0JdkjJykcPn/hAhz9bL+QiN5HDXOns0Q5rXMC15907A13182AEC4CF198C0B34104A146541578F5A3EB1C65776438616511AFpvKM3ffs1SbysZczo+A7OgxTZ8qGnlCyT3GsrbT1KXF39353Y2zMI= user at example.com

This will limit the user of the key to the specified program and also
prevent them from setting up port-forwards.

Have a look at the sshd manpage for details.

> For the people I give the key away to, I give them a client program to
> access this server program which uses the "trusted" key.
>
> My question is, is it possible for a smart, evil man given the
> trusted key and the source of the client program to circumvent the
> /etc/passwd shell and bypass my server program (assuming that the
> server program has no bugs in it)?

Not to our knowledge. If they could, it would be a serious bug in
OpenSSH.
-d
--
| ``The power of accurate observation is | Damien Miller <djm at mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
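
An added example, not part of the original message or of OpenSSH: a small auditor that parses authorized_keys lines in the format shown in the reply and reports entries without a forced command, entries missing the three forwarding restrictions, and key blobs reused across lines (the shared-key setup the reply advises against). The names `audit`, `split_options` and `SAMPLE` are made up for this sketch, the key blobs are placeholders, and the `restrict` keyword it recognises comes from OpenSSH releases newer than this thread; option keywords are compared in lower case because sshd treats them case-insensitively.

```python
import re
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")

def split_options(line):
    """Split the leading options field on unquoted commas; stop at unquoted whitespace."""
    items, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '\\"', i + 2   # escaped quote inside command="..."
            continue
        if c == '"':
            quoted = not quoted
        if not quoted and c in ", \t":
            items, cur = items + [cur], ""
            if c != ",":
                break
        else:
            cur += c
        i += 1
    return [x for x in items if x], line[i:].strip()

def audit(text):
    """Return (line_no, finding) pairs for entries weaker than the reply recommends."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        plain = KEY_TYPE.match(line.split()[0])   # entry with no options field
        items, rest = ([], line) if plain else split_options(line)
        opts = {item.partition("=")[0].lower() for item in items}
        blob = (rest.split() + ["", ""])[1]
        if "command" not in opts:
            findings.append((n, "no forced command"))
        for req in REQUIRED:
            # "restrict" implies the no-* options unless one is re-enabled by name.
            if req not in opts and not ("restrict" in opts and req[3:] not in opts):
                findings.append((n, "missing " + req))
        if blob and blob in seen:
            findings.append((n, "key shared with line %d" % seen[blob]))
        seen.setdefault(blob, n)
    return findings

SAMPLE = r"""# constructed sample; key blobs are placeholders, not real keys
command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAPLACEHOLDER1 alice
ssh-dss AAAAPLACEHOLDER2 bob
command="echo \"hi, there\"",no-port-forwarding ssh-dss AAAAPLACEHOLDER1 carol"""
```

Calling `audit(SAMPLE)` returns findings for lines 3 and 4 only; the first entry matches the form given in the reply and passes.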