Openssh for Windows
Corinna Vinschen
vinschen at redhat.com
Thu Jul 31 21:59:39 EST 2008

On Jul 30 15:25, Jim Knoble wrote:
> Circa 2008-07-30 04:58 dixit Corinna Vinschen:
>
> : On Jul 29 14:00, Jim Knoble wrote:
> : > Circa 2008-07-29 06:08 dixit Corinna Vinschen:
> : > : [...] But I'm still feeling rather uncomfortable with the idea to
> : > : have a two-way encrypted password stored somewhere in the system.
> : >
> : > You could encrypt the user's password using the user's SSH public key.
> : > Then the private key could be used to both authenticate and decrypt the
> : > password. It's a bit cumbersome if there are more than a few keypairs
> : > used to access the account, but ... just a thought.
> :
> : That's an interesting idea but the problem is that the user context
> : change is generic code buried within the seteuid call. It has to work
> : with all sorts of applications changing the user context, not just with
> : sshd. Therefore, a generic solution is required.
>
> Hmm. That definitely sounds more complex than one would want it to be.
> The generic solution really sounds like Kerberos.

Still needs a supported user authentication method, password or smart
card. It's way over my head to write a Windows Kerberos authentication
plugin.

> : I'm not overly encryption savvy. Is it at all possible to store a
> : two-way encrypted password in a safe way, using a known encryption
> : mechanism, storing it in a known location? Even if another key is
> : used on every machine?
>
> It depends on what risks are acceptable to you. Unless the user enters
> the encryption key itself or a passphrase for the key, then the
> encryption key must be stored in what is effectively plaintext, either
> in permanent (disk) or volatile (RAM) storage. Thus, an attacker who
> gains sufficiently privileged access to disk or RAM (e.g., through a
> rootkit) would effectively gain access to the plaintext password as
> well.

It would have to be in permanent storage, as Interix does (registry).
In contrast to Interix, everybody would know from source where the keys
are stored and how they are encrypted. I have no idea how to make that
safe, and as long as I don't know that, I won't do it.

Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list