On Thu, Aug 01, 2002 at 08:09:31AM +0900, sen_ml@eccosys.com wrote:
> Hi,
>
> From: "Karl E. Jorgensen" <karl@jorgensen.com>
> Subject: Re: service enablement via mail and otp?
> Date: Wed, 31 Jul 2002 13:47:16 +0100
>
> > On Wed, Jul 31, 2002 at 02:01:14PM +0200, Marcin Owsiany wrote:
> > > On Wed, Jul 31, 2002 at 01:37:30PM +0900, sen_ml@eccosys.com wrote:
> > > > Hi,
> > > >
> > > > For some time, I've been toying w/ the idea of putting together
> > > > something that would allow me to trigger the starting/stopping of
> > > > various services [1] via a mail message containing some kind of OTP.
> > >
> > > Recently I have seen someone posting an URL to his program which does
> > > something like that. It used GPG.
> > >
> > > I can't find the post, but I think you could find it looking for
> > > keywords like "mail" "execution" "remote" etc..
> > >
> > > I guess it was this list, but I'm not sure.
> >
> > That someone could have been me:
> > http://www.karl.jorgensen.com/smash
> >
> > Note: This is not production quality (yet). I use it myself on a couple
> > of machines and find it useful. Testers and bugreports are
> > welcome. Eyes on the source to find security weaknesses are in
> > high demand. Read the man-page. Caveat Emptor.
>
> This could be nice...too nice for me perhaps (-;
>
> I've downloaded a copy and taken a quick look at the man page -- I
> didn't notice anything about mechanisms for dealing w/ replay attacks
> in the man page -- are there any?

No. I have to admit that I hadn't even thought about replay attacks :-(.
I'll have to see what methods others have employed to avoid them (or
think up a probably-less-secure method myself). Thinking about it: this
would definitely be a good thing to add to smash.

At some point I did ask on this list for where to find QA resources and
got a couple of good answers. But unfortunately I haven't yet had time
to follow up on them.

> The reason I like the OTP design for my particular situation is that I
> don't want to carry around a PGP key [1] and I don't want to mess w/
> doing some kind of round-trip-challenge-response thing via mail to
> deal w/ potential replay attacks.

Hm... GPG *does* have a --symmetric option, which seems to not use keys
at all. Assuming that a suitable method for generating (and
keeping-in-sync) passphrases between your PDA and smash, do you think
that would be suitable for you? This probably implies storing/generating
acceptable passphrases locally (for smash) in clear-text...

[ Almost going off-topic for this list now...]

> I'm also more comfortable w/ only allowing limited command execution
> -- specifically, only starting a single-session-only sshd (perhaps
> stopping sshd too) -- so that worse case, someone can only start sshd
> on a machine I'm looking after. Any plans for limiting the commands
> to be executed?

Not yet. But it should be reasonably simple to add extensions to check
the script immediately before execution. I'd prefer to implement such
extensions as separate scripts. I like that idea. One more on my TODO
list.

However, I *do* have plans to allow commands to be mime-decoded and
executed under a different user. This is mostly to ringfence any bugs in
the mime decoding (which I suspect is not "strong" security-wise). This
would also help to protect ~/.gnupg/* and ~/.procmailrc.

> [1] I've got OTP calculators for my PDA which I'm fine w/ carrying.
> Actually, what I don't want is to carry around a secret key and a
> corresponding device to do the encryption/signing/decryption
> (perhaps some day PDAs will do this comfortably). I'm not about
> to place a secret key of mine on someone else's machine...

Which OTP calculator (and PDA) do you use? I've got a PDA too, and this
might be handy for me too...

[ This is probably OT for this list...]

--
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
What the scientists have in their briefcases is terrifying.
		-- Nikita Khruschev
Attachment:
pgpe2i_fOLvb6.pgp
Description: PGP signature
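
The two ideas raised in this message, an OTP that cannot be replayed and a fixed list of permitted commands, can be sketched together as follows. This is an added example, not code from smash or from either poster; it uses a Lamport hash chain over SHA-256 (not wire-compatible with S/Key or OPIE calculators), and `OtpGate`, `ALLOWED_ACTIONS` and the action strings are assumed names.

```python
import hashlib
import hmac

# Hypothetical allowlist: the only actions a mail message may request.
ALLOWED_ACTIONS = {"start-sshd", "stop-sshd"}

def chain(seed: bytes, n: int) -> bytes:
    """Apply SHA-256 n times to the seed (Lamport hash chain)."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class OtpGate:
    """Server side: stores only the last accepted chain value, never the seed."""

    def __init__(self, anchor: bytes, remaining: int):
        self.last = anchor          # H^n(seed), installed out of band
        self.remaining = remaining  # passwords left before re-initialising

    def authorize(self, action: str, otp_hex: str) -> bool:
        # Reject anything outside the allowlist before touching OTP state.
        if action not in ALLOWED_ACTIONS or self.remaining <= 0:
            return False
        try:
            otp = bytes.fromhex(otp_hex)
        except ValueError:
            return False
        # A valid OTP hashes to the stored value; compare in constant time.
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.last):
            return False
        # Advance the chain: this OTP and every earlier one now fail.
        self.last = otp
        self.remaining -= 1
        return True

def demo():
    seed = b"constructed demo seed"  # constructed; lives only in the calculator
    gate = OtpGate(chain(seed, 100), 100)
    otp = chain(seed, 99).hex()
    first = gate.authorize("start-sshd", otp)
    replay = gate.authorize("start-sshd", otp)   # same mail delivered again
    blocked = gate.authorize("reboot", chain(seed, 98).hex())  # not allowlisted
    nxt = gate.authorize("stop-sshd", chain(seed, 98).hex())
    return first, replay, blocked, nxt

if __name__ == "__main__":
    print(demo())
```

The OTP is not bound to the requested action, so someone who intercepts a message before delivery could pair its OTP with a different allowlisted action; the allowlist is what bounds that. In a real deployment `last` and `remaining` would have to be written to disk atomically before the command runs.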