question about ssh / security

Damien Miller djm at mindrot.org
Sat Oct 14 13:45:11 EST 2000


On Fri, 13 Oct 2000, Rachit Siamwalla wrote:

> 
> I've been using ssh for a while now (both fsecure and openssh), but am
> not an expert on security. I was wondering whether the following is
> secure:
> 
> I create a key pair, trusted & trusted.pub
>
> I run sshd on a server (no telnet, rsh or other services). I create a
> user "guest", and put "trusted.pub" in my authorized file. I give away
> "trusted" (the private key) to people I trust, but let's assume for a
> moment that it is public (it's hard to enforce that "trusted" will not be
> distributed indiscriminately).

You are better off making multiple keypairs, one for each person that
you wish to give access to. This will make it easy to revoke access
to a single person.

> For the user guest, I set the shell in /etc/passwd to be my own server
> program that I make as bullet-proof as possible.

You are better off using key options in your authorized_keys 
file. The syntax is:

command="your command",[options] [keydata]

e.g.:

command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1C15907A13182AEC4CF198C0B34104A146541578F5A3EB1C65776438616511AF7SRQyzSMF1gyUkEnT+O3BMmKiwnFYu/fy+eiUOYSf9AAAAFQDCkuOkBpR1XFM52lFVxEo+dfTwnQAAAIBYq/1hbl8WYMP8Cnfx8ajGnNBpd5twHwoV3V6J/owCUxSCNkXk1iv2zIOkGaWNdqDY24HXKd759bmx/0bAoKAd1GzzN8aYXgKvj9Xgyl00A7YD0JdkjJykcPn/hAhz9bL+QiN5HDXOns0Q5rXMC15907A13182AEC4CF198C0B34104A146541578F5A3EB1C65776438616511AFpvKM3ffs1SbysZczo+A7OgxTZ8qGnlCyT3GsrbT1KXF39353Y2zMI= user at example.com

This will limit the user of the key to the specified program and also 
prevent them from setting up port-forwards.

Have a look at the sshd manpage for details.

> For the people I give the key away to, I give them a client program to
> access this server program which uses the "trusted" key.
>
> My question is, is it possible for a smart, evil man given the
> trusted key and the source of the client program to circumvent the
> /etc/passwd shell and bypass my server program (assuming that the
> server program has no bugs in it)?

Not to our knowledge. If they could, it would be a serious bug in 
OpenSSH.

-d

-- 
| ``The power of accurate observation is  | Damien Miller <djm at mindrot.org>
| commonly called cynicism by those who   | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
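
Added example (not part of the original message and not OpenSSH code): a small Python audit of an authorized_keys file that reports which keys lack a forced command or the three forwarding restrictions shown above. The names parse_entry and audit are hypothetical, and the sample entries use constructed placeholder key data.

```python
# Added example: audit authorized_keys lines; names and sample data are hypothetical.
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")

SAMPLE = """\
# constructed entries; the key data is placeholder text, not real keys
command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAconstructed1 alice@example.com
command="cvs server",no-port-forwarding ssh-dss AAAAconstructed2 bob@example.com
ssh-rsa AAAAconstructed3 carol@example.com
"""

def parse_entry(line):
    """Split one line into (options dict, key type, comment)."""
    line, raw = line.strip(), []
    if not line.startswith(KEY_TYPES):            # line begins with an options field
        cur, quoted, i = "", False, 0
        # The options field ends at the first whitespace outside double quotes.
        while i < len(line) and (quoted or not line[i].isspace()):
            if quoted and line[i:i + 2] == '\\"':  # escaped quote inside a value
                cur, i = cur + '"', i + 1
            elif line[i] == '"':
                quoted = not quoted
            elif line[i] == "," and not quoted:    # separator between options
                raw, cur = raw + [cur], ""
            else:
                cur += line[i]
            i += 1
        raw, line = raw + [cur], line[i:]
    # Option names are case-insensitive, so compare them in lower case.
    opts = {o.partition("=")[0].lower(): o.partition("=")[2] for o in raw}
    fields = line.split(None, 2) + [""] * 3
    return opts, fields[0], fields[2]

def audit(text):
    """Map each key's comment (or line number) to its list of findings."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ktype, comment = parse_entry(line)
        findings = [] if opts.get("command") else ["no forced command"]
        if "restrict" not in opts:  # later OpenSSH: "restrict" disables all forwarding
            findings += ["missing " + o for o in REQUIRED if o not in opts]
        report[comment or "line %d" % n] = findings
    return report

if __name__ == "__main__":
    for who, findings in audit(SAMPLE).items():
        print(who, "->", findings or "ok")
```

With one key pair per person, as recommended above, each comment in the report identifies the single entry to tighten or remove.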






More information about the openssh-unix-dev mailing list