From: Black Unicorn <unicorn@schloss.li>
To: cypherpunks <cypherpunks@toad.com>
Message Hash: 323aa9c01373f327ac9343ffecc1e4465efbf9087f9608d72e0a8006f0b7dc8a
Message ID: <Pine.SUN.3.96.970415125057.28199L-100000@polaris.mindport.net>
Reply To: <199704150514.WAA03580@proxy1.ba.best.com>
UTC Datetime: 1997-04-15 17:02:14 UTC
Raw Date: Tue, 15 Apr 1997 10:02:14 -0700 (PDT)
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 15 Apr 1997 10:02:14 -0700 (PDT)
To: cypherpunks <cypherpunks@toad.com>
Subject: Useful utility?
In-Reply-To: <199704150514.WAA03580@proxy1.ba.best.com>
Message-ID: <Pine.SUN.3.96.970415125057.28199L-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain
I've been hearing a lot of complaints from sysadmins who I try to convince
to run SSH lately.
"Key management is too difficult."
"I cant keep track of all that stuff."
I think that an interesting answer might be a ssh key issuing "robot." or
vending machine of sorts.
It might works something like this.
User wants access to the sshd running host.
Sysadmin gives the user a one time key only good for connecting to the
vending machine via SSH. Would be nice if the robot recycled the password
every time a successful connection was made.
Connecting to the vending machine, the user would fill out a form
including the hostnames he was likely to connect from and etc.
After filling out that form, the user would be issued a key for the
system, which would be automatically entered into authorized_keys.
Whatever other automation was needed to get a user up and running on SSH
would be executed.
Of course, the main problem is that the sysadmin could capture the secret
key of the user and use it to create a false login trail or other
mischief. This could be avoided by allowing a user generated key to be
submitted, of course. Ideally both options would be presented with a
"less secure" warning for the former.
Might make a nice project for someone fluent in perl, or even a webpage.
I'd do it my self if my programming talents were not so pathetic.
Comments?
--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist Switzerland
Return to April 1997
Return to “Marc Horowitz <marc@cygnus.com>”