On 13-10-11 15:50, Madog <madogdevelopment@gmail.com> wrote:
> Hi Stefan:
> Thanks so much for the ping back... my sense is while what you are suggesting is "the right way", it's not practical for our user base (i.e., to ask them to generate an ssh key, email etc.).
What you are suggesting is dangerously negligent with regards to security. Key exchanges by sending around private key material amounts to no sensible encryption or security at all, only a weak simulation thereof. Which might fool some of your users thereby endangering their privacy, the integrity of their data and of your service.
You may be able to make the process more user-friendly by automating things, e.g. create a nice GUI for key creation and a phone dialogue system or automatically printed mail-in form to verify fingerprint and userid, but the basic steps will remain:
A similar process is used to assure the user of your server's authenticity by means of the server's hostkey fingerprint.
> So that might bring me back to the other parts of the email - can we work with some sort of encrypted tunnel without using ssh?
Maybe you could modify the x2go components to tunnel via openssl or gnutls, but that does not really solve your problem. You need a secure way to authenticate the user and for that you either need a verified public key from the user (be it X.509 or ssh) or the user needs to set some kind of password in a secure way. There are ways to do this, but one needs to be careful to ensure mutual authentication, which is exactly the same kind of problem as with the ssh keys.
Also, generally any kind of "build-your-own"-security is very dangerous. History has shown that each of those homegrown solutions was lacking in important aspects, at least in the first few iterations of CVEs... Try to use ssh and do it the right way, you and your customers will be happier in the long run.
Ciao,
Alexander Wuerstlein.
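
An added example, not part of the original message and not x2go code: one way a service could implement the "verify fingerprint and userid" step, computing the OpenSSH-style SHA256 fingerprint of a submitted public key and accepting it only if it matches the fingerprint the user confirmed over a separate channel. The function names are hypothetical and the sample keys are constructed, not real keys.

```python
import base64
import hashlib
import hmac
import struct


def make_sample_key_line(key_bytes: bytes, comment: str) -> str:
    """Build a constructed ssh-ed25519 public key line (sample data only)."""
    algo = b"ssh-ed25519"
    blob = (struct.pack(">I", len(algo)) + algo
            + struct.pack(">I", len(key_bytes)) + key_bytes)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a one-line public key."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared_type, b64_blob = parts[0], parts[1]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type. It must
    # match the declared type, otherwise the line was mangled or altered.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != declared_type.encode():
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def accept_key(pubkey_line: str, fingerprint_from_user: str) -> bool:
    """Accept the key only if it matches the fingerprint the user confirmed
    out of band (phone dialogue, mail-in form)."""
    computed = fingerprint(pubkey_line)
    return hmac.compare_digest(computed.encode(),
                               fingerprint_from_user.strip().encode())


if __name__ == "__main__":
    submitted = make_sample_key_line(bytes(range(32)), "user@example")
    swapped = make_sample_key_line(bytes(32), "user@example")  # replaced in transit
    confirmed = fingerprint(submitted)  # what the user reads out from their own machine
    print(confirmed, accept_key(submitted, confirmed), accept_key(swapped, confirmed))
```

Only the public key and its fingerprint ever leave the user's machine; the private key is never part of the exchange.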