[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH revised

From: Tom Bachmann
Subject: Re: SSH revised
Date: Sat, 25 Mar 2006 10:08:20 +0100
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051031)

Marcus Brinkmann wrote:
At Fri, 24 Mar 2006 15:11:31 +0100,
Tom Bachmann <address@hidden> wrote:

Is this a highlevel (how can we implement a secure remote shell?) or a
lowlevel (how can we implement ssh?) qestion?

I would be interested in your take on the first question, but my
intention was to review the SSH protocol specifically, because it is
in wide use.

Uhm, I hope I do not misunderstand you, but I take this as an invitation to explain some of my thoughts.

As described in one of my mails [1] to coyotos-dev and somewhere on the E language homepage [2] it is possible to implement transparent "remote" capabilities, i.e. caps that are invoked like normal local ones but that actually invoke servers on other machines over the net. There seem to be some tricky minor problems (mostly related to the split of knowledge between the invoking app and the forwarder(s) and the split of knowledge between the forwarder(s) and the server invoked) if you dig into details, but all in all it is possible.

The next point is that the implementation described allows transparent encryption of traffic.

So a secure remote shell fitting IMHO nicely into the common hurdish object model would just be a remote cap to a terminal on an other machine.

This leaves out the problem of authentication (that is part of the original discussion, too). It is a chicken vs. egg problem and cannot be solved by means of normal capability semantics, AFAIUI.

[1] http://www.coyotos.org/pipermail/coyotos-dev/2006-February/000429.html
[2] http://www.erights.org/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]