question about ssh / security

Rachit Siamwalla rachit at ensim.com
Sat Oct 14 10:31:49 EST 2000


I've been using ssh for a while now (both fsecure and openssh), but am
not an expert on security. I was wondering whether the following is
secure:

I create a key pair, trusted & trusted.pub

I run sshd on a server (no telnet, rsh or other services). I create a
user "guest", and put "trusted.pub" in my authorized file. I give away
"trusted" (the private key) to people I trust, but let's assume for a
moment that it is public (it's hard to enforce that "trusted" will not be
distributed indiscriminately).

For the user guest, I set the shell in /etc/passwd to be my own server
program that I make as bullet-proof as possible.

For the people I give the key away to, I give them a client program to
access this server program which uses the "trusted" key.

My question is, is it possible for a smart, evil man given the
trusted key and the source of the client program to circumvent the
/etc/passwd shell and bypass my server program (assuming that the server
program has no bugs in it)?

-rchit
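
Added example, not part of the original post: the setup described above relies on the program set as guest's login shell being the only thing the shared key can reach, while sshd also provides per-key features (port, X11 and agent forwarding) itself. This Python audit lists the keys in an authorized_keys file that can still use those features. The sample file, its placeholder key material and the /usr/local/bin/server path are constructed, and the modern one-line key format with the `restrict` option is assumed.

```python
import re

# Assumes the modern one-line public key format (not the SSH protocol 1 format).
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# One option: name, optional quoted or bare value, then "," or end of the field.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:=(?:"(?:\\"|[^"])*"|[^\s,]*))?(,|(?=\s))')
# Per-key features sshd provides itself, independent of the account's login shell.
FEATURES = ["port-forwarding", "x11-forwarding", "agent-forwarding"]

def key_options(line):
    """Return the lowercased option names that precede the key type on one line."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return set()                       # line starts with the key type: no options
    names, pos = set(), 0
    while (m := OPTION.match(line, pos)):
        names.add(m.group(1).lower())      # option names are case-insensitive
        pos = m.end()
        if m.group(2) != ",":              # whitespace ends the options field
            break
    return names

def audit(text):
    """Map line number -> forwarding features the key on that line can still use."""
    findings = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = key_options(line)
        if "restrict" in opts:             # restrict disables all; bare names re-enable
            allowed = [f for f in FEATURES if f in opts]
        else:
            allowed = [f for f in FEATURES if "no-" + f not in opts]
        if allowed:
            findings[n] = allowed
    return findings

# Constructed sample file; AAAAC3PLACEHOLDER stands in for real key material.
SAMPLE = '''# guest account
ssh-ed25519 AAAAC3PLACEHOLDER trusted
no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3PLACEHOLDER trusted
restrict,command="/usr/local/bin/server, v2" ssh-ed25519 AAAAC3PLACEHOLDER trusted
restrict,port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER trusted
'''

if __name__ == "__main__":
    for lineno, feats in audit(SAMPLE).items():
        print(f"line {lineno}: key may still use {', '.join(feats)}")
```

sshd_config can also disable these features server-wide (for example `AllowTcpForwarding no`), which this per-key audit does not inspect.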





More information about the openssh-unix-dev mailing list