Well I wish to offer console access to customers of mine, and dealing with keys may prove to be a hassle for them?
If it's not possible, if I were to give all customers the same key, would each connection be encrypted individually? (i.e. user A couldn't decrypt the payload of user B's connection)
Thanks
Last edited by jonnytabpni; 06-22-2010 at 07:01 AM.
I wish to provide shell access to a console program, which will prompt for a username and password. Encryption is essential though, and users must not be able to snoop in on each other.
If either of you read my question, you would actually see that security does matter to me, and this is my question on this thread. All I was simply intending on doing was offloading the authentication from SSH to a third party app. Look at my quote above.
Quote:
Erm come again.... You're selling a service to customer on the basis that it has deliberately crippled security???
No, I'm not. I'm asking here if what I was considering doing would cripple security, and if it does I won't. I think you have answered this question in your sharp comment. Additionally, the users would still have to authenticate themselves with another program that launches upon login. This is a forum where people ask questions. And since I am new to this area, I think it is a perfectly reasonable thing to ask.
Anyway, the helpful people over at serverfault have answered this question for me, and I'll post the correct answer here for anybody who arrives here looking for a proper answer:
The way SSH works is that the "encryption keys" are initially exchanged. However these keys themselves are exchanged in an encrypted fashion using the public/private key pair, so indeed every customer needs to have their own public/private key pair to ensure that they can't snoop in on each other.
Last edited by jonnytabpni; 06-23-2010 at 02:51 AM.
well yes they do need their own, unless you want to configure ssh in such a way as you use a single key for all user authentication, which is possible, but horrible.
So you're using preshared keys? Like I initially said? Super.
Yup, sure am (Or at least going to - the system doesn't exist yet).
On a side note, are you able to use a "forced command" with a username/password login? (i.e. not using PSK)? Let's say I want to bring up a menu when the user logs in, for example
No, forcing a command for a username/password-login is AFAIK not possible by SSH means, but you could use software like jailkit. But this sounds like overkill. Maybe you can write a little Windows application implementing a tty on a "simple" SSL connection, e.g. by using PuTTY's terminal code with some openssl..?
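For key-based logins, the menu-on-login idea raised in this thread maps onto the `command="..."` option that OpenSSH accepts per key in `authorized_keys`. The script below is an added example, not part of the thread: it emits one such entry per customer and refuses a key that is already assigned to another customer. The menu path, the input format and the sample key blobs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit one authorized_keys line per customer, each key pinned
# to a forced command, and refuse a key already assigned to someone else.
# Input on stdin, one entry per line: "<customer> <key-type> <base64-key>"

MENU_CMD="${MENU_CMD:-/usr/local/bin/customer-menu}"  # hypothetical menu program

build_authorized_keys() {
    awk -v cmd="$MENU_CMD" '
        BEGIN { bad = 0 }
        NF == 0 || /^[ \t]*#/ { next }    # skip blank lines and comments
        NF != 3 || $1 !~ "^[a-z][a-z0-9_-]*$" {
            printf "line %d: malformed entry\n", NR > "/dev/stderr"; bad = 1; next }
        $2 !~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$" {
            printf "%s: unsupported key type %s\n", $1, $2 > "/dev/stderr"; bad = 1; next }
        $3 !~ "^[A-Za-z0-9+/]+=*$" {
            printf "%s: key is not base64\n", $1 > "/dev/stderr"; bad = 1; next }
        ($3 in owner) {
            printf "%s: key already assigned to %s\n", $1, owner[$3] > "/dev/stderr"; bad = 1; next }
        {
            owner[$3] = $1
            # restrict turns off forwarding and PTY; pty re-enables the terminal for the menu
            printf "restrict,pty,command=\"%s\" %s %s %s\n", cmd, $2, $3, $1
        }
        END { exit bad }    # non-zero if any entry was rejected
    '
}

# Constructed sample data; the key blobs are placeholders, not real keys.
sample_input() {
    cat <<'EOF'
# customer  type         key
alice ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAliceKey
bob   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBobKey
carol ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAliceKey
EOF
}

# Prints entries for alice and bob; carol reuses the first key and is rejected.
sample_input | build_authorized_keys || echo "some entries were rejected" >&2
```

The `restrict` option requires OpenSSH 7.2 or later; on older servers the individual `no-port-forwarding`, `no-agent-forwarding` and `no-X11-forwarding` options serve the same purpose.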