Authentication on Untrusted Remote Hosts with Public-Key Sudo
نویسندگان
چکیده
Tw o common tools in Linuxand UNIX-based environments are SSH for secure communications and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this paper, we describe a weakness in their interaction and present our solution, public-key sudo. Public-key sudo1 is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. We describe our implementation of a BSD SSH authentication module and the SSH modifications required to use this module.
منابع مشابه
Secure remote user access over insecure networks
Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environment. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, publickey infrastructure, or secure hardware. In this paper, we present secure password-based protocols for remote user authenticatio...
متن کاملUsing a Personal Device to Strengthen Password Authentication from an Untrusted Computer (Revised March 2007)?
Keylogging and phishing attacks can extract user identity and sensitive account information for unauthorized access to users’ financial accounts. Most existing or proposed solutions are vulnerable to session hijacking attacks. We propose a simple approach to counter these attacks, which cryptographically separates a user’s long-term secret input from (typically untrusted) client PCs; a client P...
متن کاملUsing a Personal Device to Strengthen Password Authentication from an Untrusted Computer
Keylogging and phishing attacks can extract user identity and sensitive account information for unauthorized access to users’ financial accounts. Most existing or proposed solutions are vulnerable to session hijacking attacks. We propose a simple approach to counter these attacks, which cryptographically separates a user’s long-term secret input from (typically untrusted) client PCs; a client P...
متن کاملPassword Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks
We study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart ca...
متن کاملA Public-key based Information Management Model for Mobile Agents
Mobile code based computing requires development of protection schemes that allow digital signature and encryption of data collected by the agents in untrusted hosts. These algorithms could not rely on carrying encryption keys if these keys could be stolen or used to counterfeit data by hostile hosts and agents. As a consequence, both information and keys must be protected in a way that only au...
متن کامل