l4-hurd
Re: SSH revised


From: Tom Bachmann
Subject: Re: SSH revised
Date: Sat, 25 Mar 2006 10:08:20 +0100
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051031)

Marcus Brinkmann wrote:
> At Fri, 24 Mar 2006 15:11:31 +0100,
> Tom Bachmann <address@hidden> wrote:
>
>> Is this a highlevel (how can we implement a secure remote shell?) or a
>> lowlevel (how can we implement ssh?) question?
>
> I would be interested in your take on the first question, but my
> intention was to review the SSH protocol specifically, because it is
> in wide use.


Uhm, I hope I do not misunderstand you, but I take this as an invitation to explain some of my thoughts.

As described in one of my mails [1] to coyotos-dev and somewhere on the E language homepage [2] it is possible to implement transparent "remote" capabilities, i.e. caps that are invoked like normal local ones but that actually invoke servers on other machines over the net. There seem to be some tricky minor problems (mostly related to the split of knowledge between the invoking app and the forwarder(s) and the split of knowledge between the forwarder(s) and the server invoked) if you dig into details, but all in all it is possible.

The next point is that the implementation described allows transparent encryption of traffic.

So a secure remote shell fitting IMHO nicely into the common hurdish object model would just be a remote cap to a terminal on another machine.

This leaves out the problem of authentication (that is part of the original discussion, too). It is a chicken vs. egg problem and cannot be solved by means of normal capability semantics, AFAIUI.

[1] http://www.coyotos.org/pipermail/coyotos-dev/2006-February/000429.html
[2] http://www.erights.org/
--
-ness-
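
The remote-capability arrangement described in the message above, shown as an added example (not code from the post, Coyotos or E): a client-side proxy forwards each invocation to a server-side forwarder, which resolves an unguessable token to the real object. The class names, the JSON framing and the HMAC-only channel (integrity, no encryption) are assumptions, and the pre-shared key stands in for the authentication step the message leaves open.

```python
import hashlib
import hmac
import json
import secrets

class Terminal:
    """Constructed stand-in for the terminal object on the remote machine."""
    def __init__(self):
        self.lines = []
    def write(self, text):
        self.lines.append(text)
        return len(self.lines)

class ExportForwarder:
    """Server-side forwarder: maps unguessable tokens to local objects."""
    def __init__(self, key):
        self._key, self._exports = key, {}
    def export(self, obj, methods):
        token = secrets.token_hex(16)  # 128-bit unguessable designator
        self._exports[token] = (obj, frozenset(methods))  # explicit allowlist
        return token
    def handle(self, frame):
        body, tag = frame[:-32], frame[-32:]  # SHA-256 tag is the last 32 bytes
        if not hmac.compare_digest(tag, hmac.new(self._key, body, hashlib.sha256).digest()):
            raise PermissionError("frame failed integrity check")
        msg = json.loads(body)  # parsed only after the tag verifies
        obj, methods = self._exports.get(msg["token"], (None, frozenset()))
        if msg["method"] not in methods:
            raise PermissionError("no such capability")
        return getattr(obj, msg["method"])(*msg["args"])

class RemoteCap:
    """Client-side proxy: invoked like a local object, forwards each call."""
    def __init__(self, token, key, send):
        self._token, self._key, self._send = token, key, send
    def __getattr__(self, method):
        if method.startswith("_"):
            raise AttributeError(method)
        def invoke(*args):
            body = json.dumps({"token": self._token, "method": method, "args": args}).encode()
            return self._send(body + hmac.new(self._key, body, hashlib.sha256).digest())
        return invoke

def demo():
    key = secrets.token_bytes(32)  # assumed pre-shared; agreeing on it is the open authentication problem
    terminal, forwarder = Terminal(), ExportForwarder(key)
    cap = RemoteCap(forwarder.export(terminal, ["write"]), key, forwarder.handle)  # in-memory "network"
    cap.write("uname -a")  # reads as a local call, runs on the "remote" side
    return terminal.lines
```

The forwarder can confirm that a frame is intact and that the token designates an exported object, but not who is presenting it; that gap is the authentication question the message raises.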