Let\'s say you assign SSH keypairs to all users on your system; none of these \"

Question

Let's say you assign SSH keypairs to all users on your system; none of these "low trust" users have root privileges. You want the users to be able to use their keys in SSH connections, however, you don't want your users to be able to read their private keys.

This can be used to either prevent users from accessing secured servers over SSH from unauthorized computers (by copying their keypair to another computer), or to prevent their private keys being accidentally leaked.

Is there already this type of system in place for "hiding" private keys from the users, while still allowing them to use them during the shared key negotiation?

Explanation / Answer

I would suggest Smart Cards and secure tokens*. These have a storage that cannot be read, only be used from the secure cryptoprocessor. This means nobody that have full access to token can read the private key. The only thing user can do is to send a string to either be signed or decrypted, and get the result back.

The Smart card/secure token can also generate the keypair on the card, ensuring the key never has been, and can been outside of card/token. The public key can then be extracted to then be inserted into authorized keys.

*Secure USB tokens are effectively a Smart card and a Smart card reader, combined in the same chip with the same security level.

I would suggest a smart card and smart card reader, if multiple authorized users are gonna use the same terminal to connect to the SSH server under their own identity.

If each authorized users has their own terminal, or Group identities are used, then I would suggest using a PKI token, that can be permanently placed, and even locked with a padlock, inside the computer, and then connected to the computer using a internal USB Cable.

Related Questions

Navigate

• Browse (All)
• Browse L
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.