IETF-SSH archive


Re: agent draft (was Re: Secure Shell: Milestone Update.)

On Friday, March 18, 2005 02:44:00 PM +0100 Niels Möller <nisse%lysator.liu.se@localhost> wrote:

Simon Tatham <anakin%pobox.com@localhost> writes:

Bill Sommerfeld  <sommerfeld%sun.com@localhost> wrote:
>  3) if the agent is the only trusted one and the remote system is not
> trusted to see the cleartext private key, the key could be stored
> remotely in encrypted form and decrypted
> by the agent (using a passphrase or other means).  (very different use
> model.)

The PuTTY team has had quite a lot of requests for a use model like
this, because it provides other desirable features such as the
ability to store all your keys encrypted until they're first needed
and ask for their passphrases as required.

This leads to an interesting twist of password authentication.

Setup: User creates a keypair, and encrypts the private half using a
passphrase. (This naturally has to be done on a trusted machine). User
transfers public key and encrypted private key to one or more servers.

Login: Client asks server for encrypted private key. User types in
passphrase to decrypt it. Key is used to sign the session id, just
like for plain publickey authentication.

This seems like an interesting model, and quite possibly the subject of a draft describing a new userauth method. Whether that's something this WG would want to accept as a work item, I don't know -- we seem to already have a lot of documents on our plate that aren't getting enough attention.

My main concern at the moment is that the approach you describe would make it fairly easy to obtain a copy of the encrypted private key on which to perform an offline dictionary attack...

I suppose I could also insert a plug here for the gssapi-with-mic userauth method, used in conjunction with the Kerberos GSSAPI mechanism. It is entirely reasonable for an ssh client to prompt a user to obtain Kerberos tickets by typing a password, then use the resulting tickets to authenticate to the ssh server. In fact, I believe there are configurations in use today which work this way, when the user doesn't already have tickets.

-- Jeff
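The setup/login model discussed above, written out as an added example (it is not code from this thread, PuTTY, or any SSH implementation). It assumes Ed25519 for the user key, AES-GCM under a PBKDF2-HMAC-SHA256 key for sealing the private half, and a constructed iteration count; the server record is exactly the thing Jeff's concern is about, since whoever holds it can test passphrase guesses without ever talking to the server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// What the server stores: public half in clear, private half sealed under a
// passphrase-derived key. Anyone holding this record can try passphrases
// offline, so the KDF cost is the only thing that slows such guessing down.
type StoredKey struct {
	Pub                     ed25519.PublicKey
	Salt, Nonce, Ciphertext []byte
}

const kdfIters = 100000 // constructed value; tune upward for real deployments

// kek derives a 32-byte key-encryption key with PBKDF2-HMAC-SHA256 (a single
// output block, RFC 2898), hand-rolled to stay within the standard library.
func kek(pass, salt []byte, iters int) []byte {
	prf := func(in []byte) []byte { m := hmac.New(sha256.New, pass); m.Write(in); return m.Sum(nil) }
	u := prf(append(append([]byte{}, salt...), 0, 0, 0, 1)) // U1 = PRF(P, S || INT(1))
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		u = prf(u) // U_j = PRF(P, U_{j-1}); T = U1 xor ... xor Uc
		for j := range t { t[j] ^= u[j] }
	}
	return t
}

func aead(key []byte) cipher.AEAD { blk, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(blk); return g }

// Setup runs on the trusted machine: generate the keypair and seal the private half.
func Setup(passphrase string) StoredKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	salt, nonce := make([]byte, 16), make([]byte, 12)
	rand.Read(salt); rand.Read(nonce)
	ct := aead(kek([]byte(passphrase), salt, kdfIters)).Seal(nil, nonce, priv, nil)
	return StoredKey{pub, salt, nonce, ct}
}

// Login runs on the client: decrypt the fetched record and sign the session id.
func Login(rec StoredKey, passphrase string, sessionID []byte) ([]byte, error) {
	priv, err := aead(kek([]byte(passphrase), rec.Salt, kdfIters)).Open(nil, rec.Nonce, rec.Ciphertext, nil)
	if err != nil {
		return nil, err // wrong passphrase: the GCM tag check fails and nothing is signed
	}
	return ed25519.Sign(ed25519.PrivateKey(priv), sessionID), nil
}

// Verify runs on the server, exactly as for plain publickey authentication.
func Verify(rec StoredKey, sessionID, sig []byte) bool { return ed25519.Verify(rec.Pub, sessionID, sig) }
```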
