Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC0012 - Enable SSH Remoting #40

Open
SteveL-MSFT opened this issue Oct 11, 2016 · 4 comments
Open

RFC0012 - Enable SSH Remoting #40

SteveL-MSFT opened this issue Oct 11, 2016 · 4 comments

Comments

@SteveL-MSFT
Copy link
Member

Feedback for https://github.com/PowerShell/PowerShell-RFC/blob/master/1-Draft/RFC0012-Enable-SSH-Remoting.md

@cobracmder
Copy link

Howdy.

Can you explain the following statement?

Alternate forms of authentication, such as key base authentication, will not be supported as it requires safely generating and distributing private/public keys.

Are y'all referring to:

  • actually generating ssh keys (ssh on server creates a set of keys for host authentication using ssh-keygen) because key generation might be vulnerable to someone monitoring memory/cache?
    or
  • generating a user key (via ssh-keygen) and distributing it to a potential remote host (which is done with ssh-copy-id on other platforms)?

If the latter, I see that as easily addressable since there are plenty of other examples out there.

@SteveL-MSFT
Copy link
Member Author

-Scope All

Not a fan of 'All', would prefer 'ClientAndServer' as it makes it more clear what will happen.

Regarding public key auth, we have an issue open against our OpenSSH port to create a version of ssh-copy-id for Windows as it's currently implemented as a Bash script. It's probably better to have the user understand public key auth and generate their own keys rather than for this cmdlet to do that. This cmdlet is just targeting the novice user and really making it easy to install OpenSSH and modify sshd_config to enable PSRP.

@cobracmder
Copy link

Fair enough.

@joeyaiello
Copy link
Contributor

@PowerShell/powershell-committee today only included myself, @JamesWTruher, @SteveL-MSFT, and @daxian-dbw. Without making a statement on implementation or timing, we agree that the alternate proposal here of only validating the sshd install and adding a line to sshd_config for subsystem should the minimal approach.

Also, we noticed that the WinSSH module already takes care of some of this. We should look at that implementation has a strawman.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants