SSH Integration: Existing keys vs Separate Keys for eBrainPool

Question: "Use the openssh keys of an existing user or generate new keys?"

Continuing on from the list of questions arising in our minds. Another important question comes into play here, which keys do we use. This more a matter of pure policy, but it could have fairly serious impacts on security.

We could just use the existing keys, if the user has them setup or generate new ones, if they have not been created. This makes it simple and does seem to fit into the conventional way of thinking.

Our concern here is security. Keep in mind that the intended utilization here is different. This time we are using the authenticated keys to grant access to a users applications to specific parties. Maybe its not such a good idea to share the same keys in this scenario which would grant users access via ssh.

If they are a separate set of keys, running under a separate instance, do we gain any level of security over the previous way listed above? In the code we currently have, it uses openssh present in the system but requires its own set of keys, (stored in a .ebp directory)

With the new libssh based server and client code we are planning to use, we get a level of flexbility, which in this particular case is perhaps more relevant. Our main concern here is how to we allow users to access and play with each others applications without in-advertantly exposing the user and his machine to all sorts of evils.

Previous Post Next Post