[Osiris-devel] session key protocol now in place
Brian Wotring
brian at shmoo.com
Thu Aug 1 12:43:24 EDT 2002
The management daemon now generates session keys for each host, and
stores their SHA1 hashes in their host.conf file. Currently, it works
as follows:
[ scanning daemon ]
- Upon every incoming connection, it has to present its session
key. This is done after the cert verification.
- If it doesn't have a session key, the message payload is empty and it
then expects to be given a key.
[ management daemon ]
- Upon making a connection, receive a key.
- If no key is presented, generate a key, send it, and store the hash in
the host.conf file.
- If a key is presented, hash it and verify it against the hash in the
host.conf file.
- If the hashes match, continue with communication.
- If the hashes don't match, discontinue communication.
- If the host.conf file doesn't contain a hash, update it.
Basically, if the hashes don't match, something bad has taken place. If
the daemon doesn't have a hash, but the host.conf file contains a hash,
we know we gave that daemon a key, but it lost it, which means we know
the daemon was cycled. Questions, or concerns about any of this?
--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D
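The exchange described in the post, as an added example that is not Osiris code and not part of the original message: both sides are modelled as small Python classes, host.conf is stood in for by a dict of host name to SHA1 hex digest, and cert verification is assumed to have already happened before the hello. Class and function names (ScanningDaemon, ManagementDaemon, handle_hello, connect, run_scenario) are invented for this example. The post says the management daemon detects a cycled daemon when host.conf holds a hash but no key is presented; that it then issues a fresh key in that case is an assumption of this example, flagged in the code.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Stand-in for the per-host host.conf entry: host name -> SHA-1 hex digest of
# that host's session key, or None when no hash has been stored yet. The real
# daemon writes a file; a dict is a simplification for this example.
HostConf = Dict[str, Optional[str]]


def sha1_hex(data: bytes) -> str:
    """SHA-1 of the session key, the only form the management side keeps."""
    return hashlib.sha1(data).hexdigest()


@dataclass
class ScanningDaemon:
    host: str
    session_key: Optional[bytes] = None   # held only in memory

    def hello_payload(self) -> bytes:
        # Presented on every incoming connection, after cert verification
        # (assumed already done and not modelled here). Empty means "no key".
        return self.session_key if self.session_key is not None else b""

    def cycle(self) -> None:
        # Simulates a restart: the in-memory session key is lost.
        self.session_key = None


@dataclass
class ManagementDaemon:
    host_conf: HostConf = field(default_factory=dict)

    def handle_hello(self, host: str, payload: bytes) -> Tuple[str, Optional[bytes]]:
        """Return (status, key_to_send). key_to_send is None unless a key is issued."""
        stored = self.host_conf.get(host)
        if payload == b"":
            # No key presented. If host.conf already has a hash, we issued a key
            # before and the daemon lost it: it was cycled. Issuing a fresh key
            # in that case is an assumption about how the daemon proceeds.
            status = "cycled" if stored is not None else "issued"
            new_key = os.urandom(32)
            self.host_conf[host] = sha1_hex(new_key)
            return status, new_key
        presented = sha1_hex(payload)
        if stored is None:
            # host.conf has no hash yet: record the hash of the presented key.
            self.host_conf[host] = presented
            return "recorded", None
        if presented == stored:
            return "ok", None            # continue with communication
        return "mismatch", None          # discontinue communication


def connect(scanner: ScanningDaemon, manager: ManagementDaemon) -> str:
    """One connection round trip; the scanner keeps any key it is given."""
    status, key = manager.handle_hello(scanner.host, scanner.hello_payload())
    if key is not None:
        scanner.session_key = key
    return status


def run_scenario() -> List[str]:
    """Constructed walk-through of every case listed in the post."""
    manager = ManagementDaemon()
    scanner = ScanningDaemon(host="web01")               # constructed host name
    statuses = [connect(scanner, manager)]               # first contact: key issued
    statuses.append(connect(scanner, manager))           # same key again: ok
    scanner.cycle()                                      # daemon restarted, key lost
    statuses.append(connect(scanner, manager))           # hash stored, no key: cycled
    statuses.append(connect(scanner, manager))           # fresh key accepted: ok
    scanner.session_key = b"not the issued key"          # constructed tamper case
    statuses.append(connect(scanner, manager))           # hashes differ: mismatch
    other = ScanningDaemon(host="db01", session_key=b"key from before")  # constructed
    statuses.append(connect(other, manager))             # no hash in host.conf: recorded
    statuses.append(connect(other, manager))             # now it matches: ok
    return statuses


if __name__ == "__main__":
    print(run_scenario())
```

Running the module prints the status of each connection in the scenario, one entry per round trip, so the mismatch and cycled cases can be seen side by side with the normal path.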