Privilege Separation Design Question

Iain Morgan imorgan at nas.nasa.gov
Fri Jul 1 03:06:51 EST 2011


I wonder if the (not yet committed) roaming feature could be (ab)used to
meet this need. If both the client and server had support for the
feature, it might be feasible to break sshd's TCP connection and then
wait for the client to reauthenticate.

-- 
Iain Morgan

On Thu, Jun 30, 2011 at 10:44:10 -0500, Cal Leeming [Simplicity Media Ltd] wrote:
> Oh jeez, I had totally forgotten about that.
> 
> To be honest, a heavily modified screen shell looks like the way forward,
> rather than modifying the SSH bins.
> 
> Cal
> 
> On Thu, Jun 30, 2011 at 4:38 PM, Hans Harder <hans at atbas.org> wrote:
> 
> > And then we haven't even talked about tunnels....
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
