Mail Archives: cygwin/2001/04/01/13:26:50
On Sun, Apr 01, 2001 at 09:29:10AM -0700, Karl M wrote:
> Hi Corinna and All...
>
> I need to allow multiple users to log on to a win2k system with ssh, but I
> am concerned about the security of allowing password authentication. I
> understand that currently you need to get the password to the sshd host so
> that the setuid can work and that this is why you use password
> authentication. You mentioned that some other software would be required to
> eliminate this need.
>
> How big a job is this and how would it work?
It's a lot of work.

It had to use an NT low level authentication library called LSA
(Local Security Authority). It requires writing a special DLL called
LSA authentication module which has to be installed in the system
together with a change in the registry. Then sshd would have to be
split into two parts, the sshd service itself which controls the
communication and calls the LSA module and the LSA module which would
have to check the RSA/DSA keys and to allow the log in.

Note that that means that OpenSSH would need a lot of restructuring
just to be able to allow RSA/DSA on one system (WinNT) while it works
wonderfully on all other systems (OpenBSD, Linux, Solaris, Win9x, ...).
> Are you considering writing it in the future?
We already considered writing it but since it's a very time consuming
effort neither I nor anybody else at Red Hat would be able to do it
without a paying customer. The result would then be OSS again as long
as the customer doesn't demand getting a proprietary solution (which
I don't hope).
BTW, using that method for logon introduces another problem. Since the
user never typed her password the created user token has no credentials
to open network connections. This requires the user to call
`net use ...' for each network resource and each call requires a
password!
> Is there another way we could get the password to the sshd host?
>
> I would be willing to type a passphrase and a password to log in. The
> passphrase would allow RSA authentication; the password would allow the
> setuid to work. Then I would disable password authentication in the
> sshd_config file. I would then have a secure authentication without worrying
> (as much) about users selecting weak passwords. I don't see any security
> holes introduced by this, as the tunnel is open when we bring the password
> through.
That all sounds as if you think the password would be sent in
clear text. That's not true for ssh. The password is encrypted
using the method negotiated between ssh client and sshd server.
OTOH you can force the user to use strong passwords on NT systems
(password policy) while you can't force the user to use a strong
passphrase when using RSA/DSA authentication. This remains a
problem in the neck of the client side's administrator.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin AT cygwin DOT com
Red Hat, Inc.