Openssh for Windows

Corinna Vinschen vinschen at redhat.com
Wed Jul 30 18:58:59 EST 2008


On Jul 29 14:00, Jim Knoble wrote:
> Circa 2008-07-29 06:08 dixit Corinna Vinschen:
> : Actually, if we wanted to, we could easily do the same.  But I'm still
> : feeling rather uncomfortable with the idea to have a two-way encrypted
> : password stored somewhere in the system.
> 
> You could encrypt the user's password using the user's SSH public key.
> Then the private key could be used to both authenticate and decrypt the
> password.  It's a bit cumbersome if there are more than a few keypairs
> used to access the account, but ... just a thought.

That's an interesting idea but the problem is that the user context
change is generic code buried within the seteuid call.  It has to work
with all sorts of applications changing the user context, not just with
sshd.  Therefore, a generic solution is required.

I'm not overly encryption savvy.  Is it at all possible to store a
two-way encrypted password in a safe way, using a known encryption
mechanism, storing it in a known location?  Even if another key is used
on every machine?


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

