On Sat, Jan 15, 2000 at 10:26:22PM -0800, Peter C. Norton wrote:
> > Good thought, especially with the tunneling options, but unless things
> > have changed, SSH still requires shell access -- something that should
> > not be required for mailbox access.
>
> Not really. It only spawns a shell because sshd's usual procedure is to
> invoke /bin/login as it's last action (step 10 in the sshd(8) version 1 man
> page). If you give the server a unique user, and that user has the server
> binary as it's shell... then you've saved some effort for yourself.
If I read this right, you're saying that to access a service X, the user
should (through an inteligent UA that hides the details, of course)
connect with SSH and log in to a user (named specifically for the
protocol being exchanged) with no password? That user would then have,
as a shell, a setuid-root binary (for those protocols requiring setuid
capabilities) that executes the required protocol handler?
This has definite advantages to it, the biggest I can see being no more
magic reserved port numbers. On the downside, I have at least a small
distrust for setuid binaries no matter how reliable the source. Also,
the initial connection setup cost for SSH is fairly high, both in terms
of wall time due to the number of exchanges required, and CPU time, from
my experience. Mind you, I always use RSA authentication, which adds a
second set of challenge-response exchanges. It would be interesting to
compare the connection cost of SSH (as outlined above -- a user with no
password running /bin/true for a shell) and SSL, both in terms of wall
time (important for perceived responsiveness) and CPU cost (important
for scalability).
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
