Mailing List Archive

SSL devel. model
As an exercise (final project) for my computer security class, I'm
planning on implementing an NFS-like extension to OpenSSH that will
automatically "mount" the remote machine's filesystem in a subset of the
current directory (thus giving even more 'transparency' to the interface
and eliminating much of the need to use scp back and forth).

My partner is planning on altering OpenSSH such that it can do SSL-type
third-party authentication, instead of relying on the first-contact setup
that is currently in place.

We were also planning on implementing some interesting things such as PAM,
but (to our chagrin) we found that you folks had already gotten there
first. :)

My reason for posting this is threefold:
A) I would like any comments that you folks have on the ideas above.
(Yes, "that's a stupid idea and no-one would use it" is a valid
comment as well-- it tells us that we may want to change what we're
doing)
B) I've been looking through the code and listening to the list for a
little while now, and I've noticed mentions of RSA and SSL, but
I haven't found any evidence of a trusted third-party authentication
scheme. Third-party is the only version of RSA/SSL that I (in my
admittedly quite limited cryptography knowledge) have heard of,
but from what I can glean from the code, OpenSSH does some type of
two-party RSA authentication. Any light?
C) I'm trolling for volunteers that I can email when my team gets
-really- stuck (and no, I don't mean that I'll email at the first
sign of trouble, this will probably be limited to maybe one or two
cries of 'heeeelp' during the semester). Are there any brave souls
out there?

Thanks for your help and support. Of course, if any of the code that
I/we develop actually seems to be of use to the project, it'll happily be
handed over...

-Sean Lisse,
Rice University Computer Science class of 2000
(Somehow I feel that I should include a public key of some sort
here... :P)
Re: SSL devel. model
On Thu, 24 Feb 2000, Sean Aaron Lisse wrote:


> My partner is planning on altering OpenSSH such that it can do SSL-type
> third-party authentication, instead of relying on the first-contact setup
> that is currently in place.

Hate to disappoint, but this is being worked on too:

ftp://ftp-uk.hpl.hp.com/pub/nd/

Has patches to OpenSSH to allow it to use X.509 certificates for
authentication. These certificates can be stored in DBM files or live
on an LDAP server.

Neil Dunbar <nd@hplb.hpl.hp.com> is doing this work.


I'll try to answer your other questions tomorrow.

-d


--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: SSL devel. model
On Thu, Feb 24, 2000 at 01:10:59AM -0600, Sean Aaron Lisse wrote:
> As an exercise (final project) for my computer security class, I'm
> planning on implementing an NFS-like extension to OpenSSH that will
> automatically "mount" the remote machine's filesystem in a subset of the
> current directory (thus giving even more 'transparency' to the interface
> and eliminating much of the need to use scp back and forth).

there is some talk about integrating lsh and rsync. see:
http://rsync.samba.org/listproc/rsync/current/