List: secure-shell
Subject: Authorisation forwarding
From: Julian Assange <proff () suburbia ! net>
Date: 1996-08-01 2:57:27
Here is a new authorisation concept for ssh: "decentralized certification authorities with authorisation forwarding".

Each ssh server becomes a certification authority. When a user is authorised by the server to do x,y,z (e.g. x=talk to us, y=shell, z=with groups wheel,admin,user) this fact, together with why authorisation was granted (e.g. trusted certificate from remote, trusted host, password, appeared in authorised_keys etc.), a nonce and a date-stamp, is signed with the host's private key and stored as a file in a .ssh/.certificate directory on the server and also sent back to the client.

When the user attempts to make a subsequent connection, the credentials granted by the first server are (unless the user requests otherwise) forwarded to the second server, which makes a decision on whether or not to authorise the user based on current ssh restrictions and the additional credentials provided by the first server.

This permits hosts to do "I permit users holding credential x from host y generated by method q to do z", regardless of what route was taken to gain it, or to connect to the host seeking authorisation.

ssh could additionally be expanded to allow *hosts* to provide other credential information signed by third parties. For example, the "netgroup server felix" has a list of public keys of hosts belonging to the "felix" division. At any time any one of these hosts can connect to sshd on felix and request a "felix" certificate. The certificate is date-stamped, nonce-stamped, expiry-stamped and signed by the issuer(s) and the requestor. (Might as well make it a full X509 certificate, really.) This then permits hosts to trust anything carrying the "felix" certificate - without having to trust, or arrange for key distribution of, all users/hosts in the "felix" group.
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
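The two halves of the proposal above, the first server signing a credential and a second server deciding whether to honour it, as an added Go example that is not part of the post or of any ssh implementation. The use of ed25519 host keys, JSON as the encoding, the single-use treatment of nonces, and every type, field and function name are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"time"
)

// Credential is the record the post describes: what the issuing host authorised, why,
// a nonce and time stamps. All names in this file are constructed for the example.
type Credential struct {
	Issuer, User, Method string   // issuing host, user, how authorisation was granted
	Grants               []string // e.g. "shell", "group:wheel"
	Nonce                []byte
	IssuedAt, ExpiresAt  int64 // unix seconds
}
// Signed is the JSON Credential plus the issuing host's ed25519 signature over it.
type Signed struct{ Body, Sig []byte }
// Issue runs on the first server once it has authorised the user.
func Issue(host string, key ed25519.PrivateKey, user, method string, grants []string, now time.Time, ttl time.Duration) (Signed, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Signed{}, err
	}
	body, _ := json.Marshal(Credential{host, user, method, grants, nonce, now.Unix(), now.Add(ttl).Unix()}) // cannot fail for this struct
	return Signed{Body: body, Sig: ed25519.Sign(key, body)}, nil
}
// Verifier is the second sshd: trusted host keys, nonces already accepted, and the local policy mapping a credential to grants.
type Verifier struct {
	Trusted map[string]ed25519.PublicKey
	Seen    map[string]bool
	Policy  func(Credential) []string
}
// Accept returns the local grants a forwarded credential earns, or why it is refused.
func (v *Verifier) Accept(s Signed, now time.Time) ([]string, error) {
	var c Credential
	if err := json.Unmarshal(s.Body, &c); err != nil {
		return nil, err
	}
	if pub, ok := v.Trusted[c.Issuer]; !ok || !ed25519.Verify(pub, s.Body, s.Sig) {
		return nil, errors.New("not signed by a trusted host") // nothing in Body is trusted until this passes
	}
	if t := now.Unix(); t < c.IssuedAt || t >= c.ExpiresAt || v.Seen[string(c.Nonce)] {
		return nil, errors.New("expired, not yet valid, or replayed") // single-use in this example
	}
	v.Seen[string(c.Nonce)] = true
	return v.Policy(c), nil
}
```

The Trusted map plays the role of the "I permit users ... from host y" part of the policy; the Policy function decides what a credential issued by a trusted host for a given method earns locally.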