
Re: creative ssh-agent uses



On Thu, 07 Dec 2006, Stefan Denker wrote:

> On Mon, Dec 04, 2006 at 09:25:38PM +0200, Ratiu Petru wrote:
> > What I'm thinking is to provide a static string as a challenge and use the
> > response as the cryptodevice password, but I can't find a program that
> > allows me to manipulate the socket this way. This mechanism might also be
> > used for other purposes, stacking public key authentication in a "normal"
> > password-based login.
> 
> I do not think this is a good idea. If the challenge is static, the
> response will be, too. Then you might be vulnerable to replay attacks.
> 
I perfectly understand. However, I _need_ a static password for cryptsetup,
I just wanted to make it somehow dependent on the agent to skip prompting
for it in the backup script. I am aware of the fact that someone who knows
the password can mount the cryptsetup directly, I can't improve that.

I found somewhere a script that was supposed to use ssh-agent like I wanted
to (encrypt stuff through it), but all it did was to crash my agent :)

The gpg-agent is a nice idea too, but we already have an existing ssh
infrastructure and not all guys involved have gpg keys, so I'm trying to
avoid that if possible.
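
An added sketch of the exchange discussed in this thread, not code from any poster: it frames a static challenge as an ssh-agent sign request, parses the reply and derives a passphrase from the signature. The function names and the SHA-256 hex derivation are assumptions; the result is only stable for deterministic signature schemes (RSA PKCS#1 v1.5, Ed25519), since DSA and ECDSA use a fresh nonce per signature, and as the quoted reply notes, a static challenge always yields the same response.

```python
import hashlib, os, socket, struct

SIGN_REQUEST, SIGN_RESPONSE = 13, 14  # SSH2_AGENTC_SIGN_REQUEST / SSH2_AGENT_SIGN_RESPONSE

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def build_sign_request(key_blob: bytes, challenge: bytes) -> bytes:
    """Framed request: type byte, key blob, data to sign, uint32 flags (0)."""
    body = bytes([SIGN_REQUEST]) + ssh_string(key_blob) + ssh_string(challenge)
    return ssh_string(body + struct.pack(">I", 0))

def parse_sign_response(packet: bytes) -> bytes:
    """Return the signature blob from a framed reply; raise on anything else."""
    if len(packet) < 4:
        raise ValueError("truncated agent reply")
    body = packet[4:]
    if len(body) != struct.unpack(">I", packet[:4])[0] or len(body) < 5:
        raise ValueError("malformed or failure reply from agent")
    if body[0] != SIGN_RESPONSE:
        raise ValueError("agent refused to sign (type %d)" % body[0])
    sig = body[5:]
    if len(sig) != struct.unpack(">I", body[1:5])[0]:
        raise ValueError("signature length mismatch")
    return sig

def passphrase_from_signature(sig: bytes) -> str:
    """Assumed derivation: hex SHA-256 of the signature blob."""
    return hashlib.sha256(sig).hexdigest()

def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the socket")
        buf += chunk
    return buf

def passphrase_from_agent(key_blob: bytes, challenge: bytes) -> str:
    """Ask the agent at $SSH_AUTH_SOCK to sign the static challenge."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(os.environ["SSH_AUTH_SOCK"])
        s.sendall(build_sign_request(key_blob, challenge))
        header = _recv_exact(s, 4)
        body = _recv_exact(s, struct.unpack(">I", header)[0])
    return passphrase_from_signature(parse_sign_response(header + body))
```

Anyone who can reach the agent socket, or who has seen the signature once, can reproduce the same passphrase, so the scheme protects the volume no better than access to that socket is protected.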


