Use ssh key to acquire TGT?

Daniel Kahn Gillmor dkg-mit.edu at fifthhorseman.net
Fri Jun 1 16:52:04 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri 2007-06-01 13:32:56 -0400, Jeffrey Altman wrote:

> I do want to state that as a KDC administrator I would have serious
> concerns with the use of SSH keys as a method of authenticating a
> user to my realm.  Users do not generate unique keys for hosts in
> separate authentication domains.  They tend to re-use the same key
> everywhere.  They also tend to copy the private keys all over the
> place.  As a result the risk of private key theft is high and there
> is no mechanism to know what systems have been compromised once the
> theft has occurred.

Furthermore, there is no clear mechanism to revoke an ssh key once it
is known to have been compromised.  For the specific case of using an
ssh key as an authentication method against a single realm, the
administrator of the realm in question can always force a re-keying of
the principal in question.

But as soon as you consider more than a single realm (or host, in the
classic ssh model), I don't know of a good, automated way to handle
ssh key revocation.

       --dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFGYIbtiXTlFKVLY2URAjuaAKC4hq+KYuhJ5zRwFKnTD2WVgHlRUwCgsX5G
X4/RkoCmz2Wplp9NgQEBXvQ=
=36TC
-----END PGP SIGNATURE-----