On Tue, 19 Mar 2013, Rob Echlin wrote:
> Sounds like you could put a public key on the target. Good enough.
> Everyone can login to a special remote-supervisor account on some
> server, to connect to the target, and that account has the private
> key. Then you don't have to get keys from everyone in advance. With
> a passwordless connection to the target, this would be an easy extra
> step.
>
> You can add their keys to the server account when you need to, then
> they have passwordless access to that account.
i'd thought of that a while back and it seemed initially promising
but here's the rub as i explain something i'd carefully glossed over.
imagine the unit in question is, say, a pluggable USB device running
linux. that pluggable device will be plugged into a much larger
system, *also* running linux. so the final system will, in fact, be
the *combination* of these things, and the larger system will be fully
writable. ah, you think, perfect. that should solve the problem
exactly the way you described it.
sadly, the two units will be manufactured entirely separately. the
little units will be cheap pluggable devices which, on a moment's
notice, might fail and will be immediately replaced by another one. so
there's no permanence here. and there will be potentially *thousands*
of these systems, which would require generating key pairs for each
little unit, installing the public key on the unit, recording the
private key somewhere, and installing that on the larger system when
the combination of the two is placed in the field.
the logistics of keeping track of all these key pairs would be a
nightmare.
rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================