Re: Scripted SSH Key generation for users. (Script is as root)


    J> I am trying to develop a system whereby a user has their
    J> public/private keypair generated at boottime.  Unfortunately keys
    J> generated by my scripts are only valid for root,
    >>  What do you mean by this?  Keys are not "valid for" a user in any
    >> intrinsic way.

    J> A user can not logon as that user using a key generated as root.  I
    J> can only log in as root with a key generated as root.  Unless I am
    J> missing something obvious...

A key has no meaningful property marking it as "generated by" anyone in
particular.  There's often a comment to that effect, but it's just a
comment.  A key could be generated by root, your girlfriend, or a Martian,
and it would not make any difference; simply put the files in the right
place with the right ownership/permissions, and it will work.

    J> Both halves of the key are only used locally.
    >>  What does this mean?  Why would you only need to SSH back into the
    >> same host?

    J> The user is a dummy user, to allow limited access outside of a
    J> chroot jail.

    J> When a real user uses SFTP / SCP they are contained in a chroot
    J> jail.  There is no way to allow them out of this jail if they log
    J> in interactively (the design of OpenSSH precludes it).

    J> The system I am working on has a set of (assumed secure) scripts,
    J> which require access to the root filesystem, for these users.  The
    J> attempt is therefore to silently ssh back into the box, but outside
    J> the chroot jail.

Unless you are using a setuid/gid mechanism to limit access to the keys,
the user now has access to credentials allowing him to exit the jail.

    J> For security reasons I would like the keys used for this to be
    J> generated at boottime (no passphrases as the ressh'ing must be
    J> silent).

What "security reasons?"  You're using plaintext keys on disk, which is
essentially the same as putting the password in a file named
PLEASE-STEAL-ME.TXT.  Are your reasons strong enough to balance out the
disadvantages of that?

  Richard Silverman
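An added example, not code from the thread or from either poster, showing the point made above: a key pair generated as root works for another user once the files sit in that user's ~/.ssh with the ownership and modes sshd's StrictModes check expects. It assumes OpenSSH's ssh-keygen is installed, that the script runs as root when installing for a different user (chown needs that), and that the function names, the optional forced command, and the directory layout are this example's own choices. The optional FORCED_CMD argument uses the standard authorized_keys options (command=, no-pty, no-port-forwarding, no-X11-forwarding, no-agent-forwarding) so that a stolen passphrase-less key can only run the one script rather than open a shell outside the jail, which narrows the PLEASE-STEAL-ME problem without removing it.

```shell
#!/bin/sh
# Added example (not from the thread). Generates a passphrase-less key pair
# as root and installs it for another user; what makes the key "belong" to
# that user is file placement, ownership and mode, not who ran ssh-keygen.
set -eu

# install_user_key USER HOME_DIR [KEYNAME] [FORCED_CMD]
# Hypothetical helper: creates HOME_DIR/.ssh/KEYNAME{,.pub}, authorizes the
# public key for login as USER on this host, and fixes ownership and modes.
# If FORCED_CMD is given, the authorized_keys entry is restricted to it.
install_user_key() {
    user="$1"; home="$2"; name="${3:-id_ed25519}"; forced="${4:-}"
    sshdir="$home/.ssh"
    mkdir -p "$sshdir"
    # -N "" : empty passphrase, as required for silent, scripted re-login.
    ssh-keygen -q -t ed25519 -N "" -C "$user" -f "$sshdir/$name"
    if [ -n "$forced" ]; then
        # Restrict what the key can do: only the forced command, no tty,
        # no forwarding. These are standard authorized_keys options.
        printf 'command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
            "$forced" "$(cat "$sshdir/$name.pub")" >> "$sshdir/authorized_keys"
    else
        cat "$sshdir/$name.pub" >> "$sshdir/authorized_keys"
    fi
    # Ownership and modes are what sshd (StrictModes) and the ssh client
    # check; root-generated files are rejected until they are fixed.
    chown -R "$user" "$sshdir"
    chmod 700 "$sshdir"
    chmod 600 "$sshdir/$name" "$sshdir/authorized_keys"
    chmod 644 "$sshdir/$name.pub"
}

# check_key_layout HOME_DIR USER [KEYNAME]
# Hypothetical helper: returns 0 if the layout would pass StrictModes-style
# checks (owned by USER, .ssh is 0700, private key and authorized_keys are
# 0600), 1 otherwise. Uses only POSIX find tests so it runs on BSD and GNU.
check_key_layout() {
    home="$1"; user="$2"; name="${3:-id_ed25519}"
    sshdir="$home/.ssh"; key="$sshdir/$name"; auth="$sshdir/authorized_keys"
    [ -d "$sshdir" ] || return 1
    [ -f "$key" ] || return 1
    [ -n "$(find "$sshdir" -prune -user "$user" -perm 700)" ] || return 1
    [ -n "$(find "$key" -prune -user "$user" -perm 600)" ] || return 1
    if [ -f "$auth" ]; then
        [ -n "$(find "$auth" -prune -user "$user" -perm 600)" ] || return 1
    fi
    return 0
}

# Usage (as root): install_user_key dummy /home/dummy id_ed25519 /usr/local/bin/escape-script
```

Run as root for a real second user; for a self-test as an unprivileged user you can install into a temporary directory owned by yourself and run check_key_layout on it.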
