Re: Event Based Operations Problem - WeOnlyDo Discussion board

Re: Event Based Operations Problem (General questions)

by wodSupport, Wednesday, September 01, 2004, 11:48 @ Anyz

Anyz,

> 1- First of all, certificates are just used for user authentication; they have nothing to do with data encryption. The SFTP protocol, being on top of SSH, makes sure all data sent over the wire is encrypted. Is it correct?

Correct. SSH/SFTP is always encrypted, no matter what type of authentication you select.

> 2- Possessing a public key means a user has authority to connect to the server; he/she doesn't need a password in this case. Is it correct?

Correct. You connect with what you have instead of what you know.

> 3- Right now I have used Action=Allow to let every user connect, but user-specific keys can be generated and used for each user. How? Please guide me.

In the LoginCertificate event there is a 'Certificate' argument. When someone connects, you must look in your local list of certificates (what kind of list, how you keep it, where... is your decision) and see if it matches what the user supplied. So, when a user gets a new certificate/private key for himself, he needs to send you his public key in advance, so you can put it on the list. Later on, when he connects, he supplies his public key to you, you receive it through the LoginCertificate event, and you check to make sure it's correct. If it is - you let him access the system.

I suggest you use the Certificate.PublicKeyOpenSSH property for these checks. It's always in ASCII. When the user creates a new key, ask him to send you his PublicKeyOpenSSH property value. Store it locally. When he connects, you compare the stored value with the one supplied in the login process (and provided to you by LoginCertificate). If a match is found *for the user*, let him in.

That way it cannot happen that someone just creates a new key and connects. You will not have his key in your database - this is an important step!

> 4- I generated a key according to the steps you mentioned in one of your postings above and started the server using that key. Using one of the sample programs provided with the component, I generated another key and used this new key to connect to the server. The server connected successfully. Shouldn't these keys be related somehow? Both are private keys and generated differently. One is used by the server, the other by the client, but the user is connected? How are these related?

Yes. I think I just explained it above - the server must have a list of allowed keys for the user.

Regards,
Kreso
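The lookup Kreso describes in points 3 and 4, written out as an added Python example. This is not the component's own code and is not from the original thread; the WeOnlyDo component is driven from COM/.NET languages, and the Python here only shows the check logic a LoginCertificate handler would call. It assumes a per-user allow-list of OpenSSH public key lines (the `AUTHORIZED_KEYS` table), that the handler has the username the client presented and the Certificate.PublicKeyOpenSSH string, and every key in it is constructed sample data, not a real key. It goes a little beyond the post: keys are compared by decoded blob rather than as raw strings, so a different comment or a trailing newline in the stored copy still matches, a key registered for one user is not accepted for another, and a line whose leading type word disagrees with the type inside the blob is rejected.

```python
import base64
import hashlib
import hmac


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (RFC 4251): 4-byte big-endian length + data."""
    return len(data).to_bytes(4, "big") + data


def make_openssh_line(key_type: str, raw_key: bytes, comment: str = "") -> str:
    """Build an OpenSSH public key line ('<type> <base64 blob> [comment]').

    The blob layout used here (type string followed by one key string) is the
    real ssh-ed25519 layout. It exists only to construct sample data for this
    demo; it is not a general encoder for other key types.
    """
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    line = f"{key_type} {base64.b64encode(blob).decode()}"
    return f"{line} {comment}" if comment else line


def parse_openssh_pubkey(line: str) -> tuple[str, bytes]:
    """Return (key_type, decoded blob) for an OpenSSH public key line.

    Raises ValueError for anything that is not a well-formed key line,
    including a line whose leading type word disagrees with the type
    embedded in the blob.
    """
    parts = line.strip().split(None, 2)   # a third part, if present, is the free-form comment
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)   # binascii.Error is a ValueError subclass
    if len(blob) < 4:
        raise ValueError("key blob too short")
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type word does not match the blob")
    return key_type, blob


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a key blob, useful for audit logs."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample key material (NOT real keys): 32 fixed bytes each.
ANYZ_KEY = bytes(range(32))
BOB_KEY = bytes(32)
UNREGISTERED_KEY = bytes(range(32, 64))

# Constructed stand-in for the "local list of certificates": username -> allowed key lines.
AUTHORIZED_KEYS = {
    "anyz": [make_openssh_line("ssh-ed25519", ANYZ_KEY, "anyz@workstation")],
    "bob": [make_openssh_line("ssh-ed25519", BOB_KEY, "bob@laptop")],
}


def is_authorized(username: str, supplied_line: str, authorized=AUTHORIZED_KEYS) -> bool:
    """Decide the LoginCertificate answer: is this key on the list *for this user*?

    Keys are compared by type and decoded blob, so a different comment,
    trailing newline or extra whitespace in the stored copy does not matter,
    and the lookup is scoped to the username so one user's key cannot log in
    as another user.
    """
    try:
        key_type, blob = parse_openssh_pubkey(supplied_line)
    except ValueError:
        return False                      # malformed input is simply not on the list
    for stored_line in authorized.get(username, []):
        try:
            stored_type, stored_blob = parse_openssh_pubkey(stored_line)
        except ValueError:
            continue                      # a bad entry in the list never grants access
        if stored_type == key_type and hmac.compare_digest(stored_blob, blob):
            return True
    return False


if __name__ == "__main__":
    presented = make_openssh_line("ssh-ed25519", ANYZ_KEY, "same key, different comment")
    print("anyz with registered key:", is_authorized("anyz", presented))
    print("anyz with freshly generated key:",
          is_authorized("anyz", make_openssh_line("ssh-ed25519", UNREGISTERED_KEY)))
    print("fingerprint:", fingerprint(parse_openssh_pubkey(presented)[1]))
```

This answers only the question the event is asking: is the presented public key on the allow-list for the user who is logging in. Proof that the client actually holds the matching private key is part of the SSH public-key authentication exchange itself (RFC 4252), which the server side performs; the lookup never needs the private key, and the server's own host key has nothing to do with which clients may log in, which is why the two unrelated keys in point 4 both "work" until a list like this is enforced.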

