Sorry for my not so good english...

I would like some advice if someone is interested in my problems or has tried
something similar.
(I use linux for this project).
I want to setup dumb terminals with ssh. I want them to be able to be dumb
character terminal, but also graphical dumb terminals with tunneled vnc. I use
ltsp as a basis for boot.
First the terminal mount its root filesystem read-only, and then creates a small
ram-disk file-system read-write, for /tmp and /var and some other file needing
read-write permissions.

At this point, I would like the user sitting on the terminal to be prompted for
a user name, a password, a passphrase if there is some, and nothing more after
that for all the ssh like command used (be it slogin, scp, ssh tuneling, and so
on). I would also prefer a solution where there is no /etc/passwd-shadow on the
root fs, or only with a fake user which won't compromise security.
To implement that I had the following idea :

1) Get the user login and the user private key using scp. (a programm
asks the login name, $SSH_USER, and then launch 
        scp -l $SSH_USER@server:/private/key/file /tmp/ssh-private-$SSH_USER
If scp didn't failed, it puts the user login in $SSH_USER environment variable
and the private key is in /tmp/ssh-private-$SSH_USER.

2) Then start ssh-agent, which in turn starts a script in which the first
command is ssh-add /tmp/ssh-private-$SSH_USER.

3) in the following sections of the script, run arbitrary ssh commands.

Now some questions : 

no user will be known locally besides root. Is it a problem ? Thus ssh-agent,
ssh-add will be launched by root, and the /tmp/ssh-private-$SSH_USER file would
be also owned by root. Is it a problem ? 

In the 3) part, all commands will be launched with ssh -l $SSH_USER by root. Is it
annoying, and does it leads to possible security holes, like $SSH_USER being used
to pass bad arguments to ssh, as root ?

Could the trick of using an environment variable for the user login be source
of security problems ?

For enhanced security, would it be possible to do a rm /tmp/ssh-private-$SSH_USER 
after the ssh-add command ?

Is the login like programm which has to be used in the 1) part, which get the
user login and in that case use scp for the password to be written using
special care ? Did someone allready do it (or a similar one which would launch 
ssh instead will certainly be easily used for that) ?

Thanks for your attention, hoping that it will interest you.


Reply via email to