mjl-/ssh
# status

can be used, still needs a (security) review.

# intro

this package contains an ssh client, sftpfs and the library that the client uses. the goals are to let plan 9 & inferno users use resources from another (unix) machine: interactive shell, file server, and eventually network. for the future, an ssh server is planned.

# install

first, make sure you have "util" installed.

change mkconfig if you do not have $ROOT set. now "mk install" to compile and install the files.

when building from within inferno, insert SYSHOST=Inferno and ROOT= in the mk invocations to override the values in the mkconfig.

# using

to use this code, you need several steps.

create an empty sshkeys file. this stores host public keys.

    touch lib/sshkeys

start the tool (from within wm/wm, perhaps through lib/wmsetup) that will ask you for host key verification on first connect:

    auth/sshkeys &

now you are ready to connect:

    ssh user@hostname

or:

    mount -c {sftpfs user@hostname} /n/hostname

on first attempt, you'll be asked for dsa & rsa keys by factotum. you can skip those at first (hit "done"; rsa auth does work, you just need to import the keys in the right format...). then you'll get a prompt from factotum for a password.

# download

the latest version can be found at:

    https://bitbucket.org/mjl/ssh

# licence & author

all files except ssh-rsa.b and ssh-dsa.b in appl/cmd/auth/factotum/proto/ (which are derived from inferno) are in the public domain. this code has been written by mechiel lukkien, reachable at mechiel@ueber.net.

# todo

- security problem: i don't know how big (number of bits) the dh client side secret should be, and whether we should verify if it's correct/secure.
- factotum: change proto=rsa & proto=dsa to not query user for keys if none matching. IO.findkeys() probably needs flag to not require a match: "keymanc <-= (attrs, 1, kc); # TO DO: 1 => 0 for not needed"
- see if there is a race with newkeys. we probably should use our new keys after we send the newkeys message, and likewise for when the newkeys message from remote comes in.
- sshlib: check that dh param from server is valid/sane?
- sshlib: zero out sensitive data after use. can we do that with ipint too? and encryption algorithm state.
- think about sshnet
- sshlib: do auth keyboard-interactive? is there a generic challenge-response method in factotum?
- sftpfs: deal with case where sftp readdir does not return stat attributes? openssh sftp server is fine, others may not be.
- sftpfs: allow giving path for uid/gid -> name translation? needs care if that file is served by sftp.
- sftpfs: cache attrs for a short while? for styx stat after styx walk (for both we do an sftp stat). could help for create & remove too.
- sftpfs: read directories ahead, as optimisation?
- sshlib: make it faster. the expmod() calls for the dh exchange take up seconds. perhaps i use too many bits?
- sshlib: do rfc4419 "diffie-hellman-group-exchange-sha256". inferno first needs sha256 for that.
- sshlib: compression. it's hard in inferno, because we have to flush the buffers for each packet (but keep compression state). inferno's deflate filter doesn't support that.
- crypto: cast128-cbc, test/fix blowfish, sha256, ripemd160
- test IDEA?
- test against other sshd's than openssh (e.g. dropbear, lsh, more?)

# docs

see doc/rfc.txt for the relevant rfc's and some excerpts from it.

sshpubkey turns the public part of key (from factotum, or as generated by dsagen,rsagen) into a string you can put in an openssh .ssh/authorized_keys.
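the two dh items in the todo list (size of the client side secret, and checking the dh value from the server) can be sketched as below. this is an added example in python, not code from this package or from sshlib: all function names are hypothetical, the group is a toy safe prime constructed for the example, and primality of p and q is assumed rather than tested.

```python
import secrets

# Toy safe-prime group constructed for this example (p = 2q + 1, g of order q).
# It has the same shape as the fixed SSH groups but is far too small for real use.
TOY_P, TOY_Q, TOY_G = 23, 11, 2


def check_group(p, q, g, min_bits):
    """Sanity-check (p, q, g); primality of p and q is assumed, not tested."""
    problems = []
    if p.bit_length() < min_bits:
        problems.append("modulus too small")
    if p != 2 * q + 1:
        problems.append("p is not 2q + 1")
    if not 1 < g < p - 1:
        problems.append("generator out of range")
    elif pow(g, q, p) != 1:
        problems.append("generator not in the order-q subgroup")
    return problems


def check_peer_value(f, p, q):
    """Validate the server's DH value f before it is used.

    RFC 4253 section 8 forbids values outside [1, p-1]; this check is
    stricter and also rejects 1 and p-1, which force a trivial secret.
    """
    if not 1 < f < p - 1:
        return "out of range"
    if pow(f, q, p) != 1:
        return "not in the order-q subgroup"
    return None


def client_secret(q):
    """Pick the client secret x uniformly with 1 < x < q (RFC 4253 section 8)."""
    return 2 + secrets.randbelow(q - 2)


def shared_secret(f, x, p, q):
    """Compute K = f^x mod p, refusing a value that fails validation."""
    err = check_peer_value(f, p, q)
    if err:
        raise ValueError("bad DH value from server: " + err)
    return pow(f, x, p)
```
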
About
ssh, limbo, from mercurial