NFS4 and remote access

Mike Eisler email2mre-linuxv4 at yahoo.com
Thu Apr 19 10:39:52 EDT 2007



> -----Original Message-----
> From: Ian Grant [mailto:Ian.Grant at cl.cam.ac.uk] 
> Sent: Thursday, April 19, 2007 12:57 AM
> To: david m. richter
> Cc: nfsv4
> Subject: Re: NFS4 and remote access
> 
> 
> On 18 Apr 2007, at 22:11, david m. richter wrote:
> > 	perhaps i'm completely misunderstanding, but you have people  
> > generate private keys remotely -- like at the cybercafe mentioned  
> > above? put another way, where are your users' private keys  
> > located?  storing
> > private keys on untrusted computers doesn't work ...
> 
> Hi David,
> 
> This is now well and truly off topic. SSH key access works 

Actually it isn't. Security is an end to end issue.
Understanding how you secure the SSH connection is necessary
to understanding how your problem can be solved.

> like this:  
> the private key is remote (i.e. on the client) and the server only  
> has access to the public key. The private keys are expendable 
> because  
> they are only for the purposes of access from the place they are  
> stored. So, yes, the private key is vulnerable, but is only useful  
> from the host on which it was generated and only for the duration of
> the legitimate person's use of that host.
> 
> In the case of a suspect host (like a cyber-cafe) we would expect  
> people to only use one-time passwords, not public key access.

How are the one-time passwords (OTPs) generated, and how does
the SSH server authenticate the end user?
You have an understandable aversion to multi-use passwords,
even if protected with an SSH channel. So if using
OTPs, there still has to be a way for the
user to prove he is who he says he is without using a
multi-use password. Short of using an external device
(a cell phone, pda, token key card, etc.), I don't know 
how to avoid multi-use passwords being entered
on a keyboard. If you are using OTPs from
an external device, then what you want to look at is integrating
that OTP technique into the Kerberos KDC and coax the KDC's
ticket granting server to give out TGTs once the OTP check is
done. Instead of encrypting the sensitive parts of the
TGT with the user's password, it would be encrypted with the OTP,
and then decrypted and stored in the user's ticket stash.

It would not surprise me if someone has already figured this out,
and there is code to grab.
> 
> I was only asking what other people do, I did not expect the third- 
> degree on our remote access policy! But I suppose that's inevitable  
> in a discussion about security.
> 
> Ian
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
> 
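The KDC arrangement sketched in the reply (verify an OTP from an external device, then hand out a TGT whose client-readable part is sealed under that OTP rather than under a multi-use password) can be modelled end to end. The following is an added example, not code from the list thread or from any Kerberos implementation: it uses RFC 4226 HOTP for the token-side code, a constructed `KDC` class with an `as_request` method standing in for the AS exchange, and a toy PBKDF2/HMAC construction (`seal`/`unseal`) in place of real Kerberos enctypes. The token seed and principal name are constructed for the demo. The standardised form of this idea is RFC 6560 (OTP pre-authentication for Kerberos); the model below only shows the two properties that matter for the cyber-cafe case: the keyboard never sees a reusable secret, and a captured code cannot be replayed because the KDC consumes the counter.

```python
import hashlib
import hmac
import os
import struct


# --- RFC 4226 HOTP: the event-based code a hardware token or phone app computes ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# --- Toy authenticated encryption keyed from a short secret (constructed; not a Kerberos enctype) ---
def _derive_keys(secret: bytes, salt: bytes) -> tuple:
    km = hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000, 64)
    return km[:32], km[32:]                       # encryption key, MAC key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(blocks))


def seal(secret: bytes, salt: bytes, plaintext: bytes) -> dict:
    enc_key, mac_key = _derive_keys(secret, salt)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(secret: bytes, box: dict):
    enc_key, mac_key = _derive_keys(secret, box["salt"])
    tag = hmac.new(mac_key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, box["tag"]):
        return None                               # wrong secret or tampering: decrypt nothing
    return bytes(c ^ k for c, k in zip(box["ct"], _keystream(enc_key, box["nonce"], len(box["ct"]))))


class KDC:
    """Constructed stand-in for an AS/TGS that accepts OTP pre-authentication."""

    def __init__(self):
        self.tgs_key = os.urandom(32)             # only the KDC can open a TGT
        self.users = {}                           # principal -> {"otp_secret", "counter"}

    def enroll(self, principal: str, otp_secret: bytes) -> None:
        self.users[principal] = {"otp_secret": otp_secret, "counter": 0}

    def as_request(self, principal: str, otp: str):
        """Verify the OTP, then return a TGT plus a session key sealed under that OTP."""
        rec = self.users.get(principal)
        if rec is None:
            return None
        expected = hotp(rec["otp_secret"], rec["counter"])
        if not hmac.compare_digest(expected, otp):
            return None                           # bad or already-used code; counter untouched
        rec["counter"] += 1                       # consume the code so a replay can never succeed
        session_key = os.urandom(32)
        tgt = seal(self.tgs_key, os.urandom(16), principal.encode() + b"|" + session_key)
        enc_part = seal(otp.encode(), os.urandom(16), session_key)   # the OTP, not a password, keys this
        return {"tgt": tgt, "enc_part": enc_part}

    def open_tgt(self, tgt: dict):
        body = unseal(self.tgs_key, tgt)
        if body is None:
            return None
        principal, session_key = body.split(b"|", 1)
        return principal.decode(), session_key


def client_login(kdc: KDC, principal: str, otp: str):
    """Client side: send the typed OTP, recover the session key, build the ticket stash."""
    rep = kdc.as_request(principal, otp)
    if rep is None:
        return None
    session_key = unseal(otp.encode(), rep["enc_part"])
    if session_key is None:
        return None
    return {"principal": principal, "session_key": session_key, "tgt": rep["tgt"]}


def demo() -> dict:
    kdc = KDC()
    token_secret = b"constructed-token-seed-for-demo"  # constructed; lives only on token and KDC
    kdc.enroll("ian", token_secret)
    first = hotp(token_secret, 0)                 # what the user reads off the device
    stash = client_login(kdc, "ian", first)       # fresh code: succeeds
    replay = client_login(kdc, "ian", first)      # same code again, e.g. captured by a keylogger: fails
    guess = client_login(kdc, "ian", "000000" if first != "000000" else "000001")
    second = client_login(kdc, "ian", hotp(token_secret, 1))
    checked = kdc.open_tgt(stash["tgt"]) if stash else None
    return {"login_ok": stash is not None, "replay_rejected": replay is None,
            "guess_rejected": guess is None, "second_ok": second is not None,
            "tgt_matches": checked is not None and checked[1] == stash["session_key"]}
```

The design point is in `as_request`: the long-term OTP seed is never sent and never typed, the code that is typed is consumed on first use, and the only thing encrypted under it is the per-login session key, so a keyboard logger on the cafe machine learns a value that has already stopped working by the time it is read.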