Privilege Separation Design Question

Damien Miller djm at mindrot.org
Thu Jun 30 23:45:10 EST 2011


On Thu, 30 Jun 2011, Eric Anderle wrote:

> Hello Damien,
> 
> Thank you for your reply. Here at CITI, we have a security requirement
> that forces users to reauthenticate with SSH periodically, even if there
> is activity on the connection. We are using getpwnamallow() to ensure
> that the user is still authorized to use the system (e.g., /etc/passwd
> hasn't been modified or something like that). Our code enables the
> MONITOR_REQ_PWNAM call at all times for this reason.
> 
> That brings me to my next question. Another requirement is that all
> channels have to be temporarily disabled during reauth until the user
> has successfully reauthenticated with the openSSH server. Is there any
> mechanism to do that? I've tried many things, mainly in the
> server_loop2() and channel_input_data() functions, but I can't get any
> channels to stop accepting input/output and then start accepting it upon
> successful reauthentication.

No, there is no mechanism to do this in OpenSSH mostly because there is
no support in the protocol for reauthentication. I guess you could use
the packet queuing that we use for key reexchange to hold packets during
reauthentication, but there might be nasty interations if key rexechange
happens at the same time.

-d



More information about the openssh-unix-dev mailing list