
Thread: SSH authenticated hostname strengthening

  1. #1
    Join Date
    Apr 2015

    SSH authenticated hostname strengthening

    I would like to suggest that the amandad program, when operating in SSH authentication mode, be able to be passed the authenticated hostname as a command-line parameter. It would still do all the same checks that it already does, just that if those checks return a different hostname than that passed on the command line, it would fail. The use case here is that the command field in the authorized_keys file could then yield a cryptographically strong binding between peer key and authenticated hostname. In the absence of the command field, certainly the remote machine could provide a fake hostname (since it would then be able to specify a command line of its own choice), but this would not give it any additional privileges because, as I said earlier, it would still perform all the usual hostname checks, failing if any of them did not match the value passed on the command line.

    I believe this would be the easiest way to achieve a cryptographically strong verification of a peer’s claimed hostname in an SSH-equipped environment. Thoughts?
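A binding of this kind can be approximated outside amandad with an OpenSSH forced-command wrapper; the script below is an added example, not code from the post or from the Amanda project. The wrapper name `amandad-bound`, both file paths and the `example.org` names are assumptions, and its check (forward lookup of the bound name compared with the peer address in `SSH_CONNECTION`) stands in for, and is weaker than, having amandad compare its own hostname result.

```shell
#!/bin/sh
# Hypothetical wrapper "amandad-bound": run amandad only if the SSH peer is the
# host this key was bound to in authorized_keys. Constructed entry (key elided):
#   command="/usr/local/libexec/amandad-bound backup.example.org -auth=ssh amdump",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> amanda@backup
# Because sshd forces this command, the peer cannot choose the hostname argument.

AMANDAD=/usr/libexec/amanda/amandad   # assumed install path; fixed, not taken from the environment

# Print every address the name $1 resolves to, one per line.
resolve_addrs() {
    getent ahosts "$1" | awk '{print $1}' | sort -u
}

# peer_matches BOUND_HOST SSH_CONNECTION_VALUE
# Succeeds only if the client address (first field of SSH_CONNECTION, which is
# "client_ip client_port server_ip server_port") is one of BOUND_HOST's addresses.
peer_matches() {
    bound_host=$1
    peer_ip=${2%% *}
    [ -n "$bound_host" ] && [ -n "$peer_ip" ] || return 1
    # -F fixed string, -x whole line: 192.0.2.1 must not match 192.0.2.10
    resolve_addrs "$bound_host" | grep -Fxq -- "$peer_ip"
}

main() {
    bound=${1:-}
    [ $# -gt 0 ] && shift
    if peer_matches "$bound" "${SSH_CONNECTION:-}"; then
        exec "$AMANDAD" "$@"    # remaining args come from authorized_keys
    fi
    echo "amandad-bound: peer ${SSH_CONNECTION%% *} is not $bound" >&2
    exit 1
}

# Run only when installed under the wrapper's name, so the functions can be sourced.
case ${0##*/} in
    amandad-bound) main "$@" ;;
esac
```

The key-to-name binding comes from `authorized_keys`; the address comparison is only as trustworthy as the resolver the host uses.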

  2. #2
    Join Date
    Jul 2018


    I haven’t even imagined that this is so complex
