[Osiris-devel]session key protocol now in place
Paul Holman
pablos at shmoo.com
Mon Aug 5 18:02:53 EDT 2002
Brian,
It sounds like you've implemented just what we talked about. I'd
suggest one further precaution, which is enforcement of filesystem
permissions by the management daemon on execution. SSH for example
won't run if your private keys are world readable/writable. So the
management daemon's first task should be to ensure the host.conf file is
protected.
Other than that, it looks great.
Thanks, pablos.
On Thursday, August 1, 2002, at 09:43 AM, Brian Wotring wrote:
> the management daemon now generates session keys for each host, and
> stores their SHA1 hashes in their host.conf file. Currently, it works
> as follows:
>
> [ scanning daemon ]
>
> - upon every incoming connection, it has to present its session
> key. this is done after the cert verification.
> - if it doesn't have a session key, the message payload is empty and it
> then expects to be given a key.
>
> [ management daemon ]
>
> - upon making a connection, receive a key.
> - if no key is presented, generate a key, send it, and store the hash
> in the host.conf file.
> - if a key is presented, hash it and verify it against the hash in the
> host.conf file.
> - if hashes match, continue with communication.
> - if hashes don't match, discontinue communication.
> - if the host.conf file doesn't contain a hash, update it.
>
> Basically, if the hashes don't match, something bad has taken place.
> If the daemon doesn't have a hash, but the host.conf file contains a
> hash, we know we gave that daemon a key, but it lost it, which means we
> know the daemon was cycled. Questions, or concerns about any of this?
>
> --
> Brian Wotring ( brian at shmoo.com )
> PGP KeyID: 0x9674763D
>
--
Paul Holman
The Shmoo Group
pablos at shmoo.com
415.420.3806
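Added example, not Osiris code: a Python model of the management-daemon side of the session-key exchange Brian describes (empty payload means issue a key and store its SHA1; presented key is hashed and checked against host.conf), plus the SSH-style permission check on host.conf that pablos suggests. The HostConf class, the decision names, and treating a lost key as "re-issue and flag as cycled" are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import stat
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class HostConf:
    """Constructed stand-in for one host's host.conf: only the stored
    session-key hash matters here; None means no hash recorded yet."""
    key_hash: Optional[str] = None


def mode_is_private(mode: int) -> bool:
    """True if no group/other permission bits are set (the SSH-style check
    pablos suggests the management daemon apply to host.conf on startup)."""
    return (stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def require_private_conf(path: str) -> None:
    """Hypothetical startup guard: refuse to run if host.conf is exposed."""
    mode = os.stat(path).st_mode
    if not mode_is_private(mode):
        raise PermissionError(f"{path}: mode {stat.S_IMODE(mode):04o} is group/world accessible")


def session_key_hash(key: bytes) -> str:
    return hashlib.sha1(key).hexdigest()  # the post stores SHA1 hashes of the keys


def management_handle_key(conf: HostConf, presented: bytes) -> Tuple[str, Optional[bytes]]:
    """Management-daemon decision for one incoming scanner connection.
    Returns (decision, key_to_send). 'issued': fresh host; 'cycled': scanner
    lost a key we issued, so a new one is sent; 'ok'; 'recorded': key
    presented but no hash on file; 'mismatch': drop the connection."""
    if presented == b"":
        decision = "cycled" if conf.key_hash is not None else "issued"
        new_key = secrets.token_bytes(32)
        conf.key_hash = session_key_hash(new_key)
        return decision, new_key
    digest = session_key_hash(presented)
    if conf.key_hash is None:
        conf.key_hash = digest  # "if the host.conf file doesn't contain a hash, update it"
        return "recorded", None
    if hmac.compare_digest(digest, conf.key_hash):
        return "ok", None
    return "mismatch", None  # hashes differ: something bad has taken place
```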