Marcus Brinkmann wrote:
At Fri, 24 Mar 2006 15:11:31 +0100,
Tom Bachmann <[EMAIL PROTECTED]> wrote:
Is this a highlevel (how can we implement a secure remote shell?) or a
lowlevel (how can we implement ssh?) qestion?
I would be interested in your take on the first question, but my
intention was to review the SSH protocol specifically, because it is
in wide use.
Uhm, I hope I do not misunderstand you, but I take this as an invitation
to explain some of my thoughts.
As described in one of my mails [1] to coyotos-dev and somewhere on the
E language homepage [2] it is possible to implement transparent "remote"
capabilities, i.e. caps that are invoked like normal local ones but that
actually invoke servers on other machines over the net. There seem to be
some tricky minor problems (mostly related to the split of knowledge
between the invoking app and the forwarder(s) and the split of knowledge
between the forwarder(s) and the server invoked) if you dig into
details, but all in all it is possible.
The next point is that the implementation described allows transparent
encryption of traffic.
So a secure remote shell fitting IMHO nicely into the common hurdish
object model would just be a remote cap to a terminal on an other machine.
This leaves out the problem of authentication (that is part of the
original discussion, too). It is a chicken vs. egg problem and cannot be
solved by means of normal capability semantics, AFAIUI.
[1] http://www.coyotos.org/pipermail/coyotos-dev/2006-February/000429.html
[2] http://www.erights.org/
--
-ness-
_______________________________________________
L4-hurd mailing list
L4-hurd@gnu.org
http://lists.gnu.org/mailman/listinfo/l4-hurd
