Openssh for Windows

Jim Knoble jmknoble at pobox.com
Wed Jul 30 04:00:20 EST 2008


Circa 2008-07-29 06:08 dixit Corinna Vinschen:

: > > The advantage of the Interix method is that the user token is a password
: > > authenticated token with network credentials.  The downside is that
: > > there's a two-way encrypted copy of your password somewhere in an
: > > undocumented place in the registry, using an undocumented two-way
: > > encryption.

  [...]

: Actually, if we wanted to, we could easily do the same.  But I'm still
: feeling rather uncomfortable with the idea to have two-way encrypted
: password stored somewhere in the system.

You could encrypt the user's password using the user's SSH public key.
Then the private key could be used to both authenticate and decrypt the
password.  It's a bit cumbersome if there are more than a few keypairs
used to access the account, but ... just a thought.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+


More information about the openssh-unix-dev mailing list