[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSH revised
From: |
Christian Helmuth |
Subject: |
Re: SSH revised |
Date: |
Thu, 23 Mar 2006 16:29:09 +0100 |
User-agent: |
Mutt/1.5.11+cvs20060126 |
Hi,
On Mon, Mar 20, 2006 at 11:16:49PM +0100, Marcus Brinkmann wrote:
> Hi,
[...]
> The shell command requires capabilities (file system, etc) that are
> not available to the ssh server, and should not be. This raises the
> issue if the ssh server should be split up into two parts, a system
> part and a user part, or if there should be a system ssh server at
> all. There are a couple of potential models:
>
> 1) Every user gets their own (virtual) domain and runs their own ssh
> server. IPv6 is right around the corner, isn't it? :)
> Then you just use "ssh username.hostname.org" and that's it.
>
> 2) Every user runs their own ssh server, but on a different port (ouch!).
I think these do not match with MAC-alike system policies. If an
administrator/owner wants to restrict the options a specific user has to
enter the system via SSH, there must remain a small "system" ssh server
part. An example could be the limitiaton to SSH2.
> Approach 3 seems to be a compromise. It sounds tricky to get right,
> but it provides a hint to a solution in the case where approach 1
> would not work, for example because you need to do the host
> authentication with the _host_, and not with the user account, or
> where the operating system needs to provide some other capabilities
> beyond the network connection. It also fits "better" with the
> traditional Unix model of internetworking.
I hope my remarks are complementary the details above. ;)
Ciao
--
Christian Helmuth
TU Dresden, Dept. of CS
Operating Systems Group
http://os.inf.tu-dresden.de/~ch12
- SSH revised, Marcus Brinkmann, 2006/03/20
- Re: SSH revised,
Christian Helmuth <=
- Re: SSH revised, Marcus Brinkmann, 2006/03/27
- Re: SSH revised, Christian Helmuth, 2006/03/28
- Re: SSH revised, Marcus Brinkmann, 2006/03/28
- Re: SSH revised, Christian Helmuth, 2006/03/28
- Re: SSH revised, Bas Wijnen, 2006/03/28
- Re: SSH revised, Marcus Brinkmann, 2006/03/28
- Re: SSH revised, Christian Helmuth, 2006/03/29
- Re: SSH revised, Marcus Brinkmann, 2006/03/29
- Re: SSH revised, Bas Wijnen, 2006/03/28
- Re: SSH revised, Marcus Brinkmann, 2006/03/28