John M. Harris Jr wrote:
> Oh, of course after fingerprint verification. Luckily, that can be
> accomplished by forcing a fake shell which would run a check to see if the
> home directory is already mounted. If it's not, it'd use the ssh agent, or
> equivalent, then execute the real shell. If it's already mounted, short
> circuit to the last step, executing the real shell.
How would that work? The shell runs on the server. The SSH agent runs on the
client, the only one that has the private key. How can the SSH agent know
that it is talking to your "fake shell" and not to an attacker's fake "fake
shell"? This needs to be part of the protocol, not hacked onto it.
Kevin Kofler
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
