[plug] security qn: auth from Windows clients to Linux server

[Timothy White]

For SSH I'd just uses keys. I know this can raise problems of you not
having your key with you but if you carry a USB thumbdrive around like
I see lots of ppl do now days it shouldn't be a problem.
Just make sure you have a separate account on the server to your
normal one so that you carry that key around instead of your 'more
powerful' one. Also remember to remove your private key from the
machine after use. I think (don't know) that putty has a key manager,
maybe you can set it up on the thumbdrive so that it's all
automatically done to work off your thumbdrive when you use putty.

Of course this does lead to a security risk when someone gets your
thumbdrive. For that reason I'd want to look at OTP as someone has
already mentioned. Still, keys provide you with a secure connection
without a key logger being able to pick up a password, just make sure
you don't type your password to another server from your ssh session.

Just thinking. You could have a script in your login script that
appears to do nothing but if you don't press the right key at the
right time (i.e. Enter after 3 seconds from when the 'start' period
appears) won't unlock your key chain on the server. That way you can
have a ssh account which you carry the private key for, but that ssh
account is limited and only contains junk and of course the private
keys for other ssh accounts but in a locked form. This way
compromising the intial account gets you no where unless you know how
to use it.

e.g.
$ ssh camiroi
Last login: Thu Jul 28 17:22:32 2005 from 192.168.0.43
Checking for something...
<Then after 3 seconds press Enter>
Can't Find Something, Press Enter to Continue without. <Don't press
anything cause you already pressed Enter>
tim at camiroi:~$ <Prompt appears but script has unlocked keys>

And when the hacker tries
$ ssh camiroi
Last login: Thu Jul 28 17:22:32 2005 from 192.168.0.43
Checking for something...
Can't Find Something, Press Enter to Continue without. <After 5
seconds or seomthgin the error appears, hacker then presses enter>
tim at camiroi:~$ <Prompt appears, keys are still locked.>

That way the hacker would follow their key logged input hoping to get
in, and while it appears the same, it in fact is different!

Of Course the logout script would lock the keys again, or a cron job.
You'd probably also want a dynamic login logout script so that the
hacker can't read the contents and find out what is happening.
Possibly the best way to do this is to have a cron script that checks
for the user having logged out and places the appropriate login script
there and locks the keys. The login script replaces it's self after
running so that the hacker doesn't get the real script.

Ok, So I've just presented a possible solution, I don't know how I
came to it. Maybe I once again thought like a hacker, or it could be
cause I am one!! For the record though, I'm not a cracker and I just
can think around lots of security. If you want help implementing the
above method. Just buzz. As long as someone can think of what the
something is when can check and fail for then I'll be fine!

Tim