fetzerms / cryptboot-ssh

Retrieve cryptsetup keyfiles via ssh automatically at boot.
GNU General Public License v2.0

A user per client and only allow them to execute retrieve_crypto_key #1

Closed 459below closed 7 years ago

459below commented 7 years ago

I may have overlooked something, since it's very late. However, at my current state of understanding, it would seem that if one can steal the private key of one of the clients, they could log on as user@keyvm and download all the keys. So if the user "user" is able to spawn a full shell, every client is granted access to all the keys.

fetzerms commented 7 years ago

With the "command=" directive in the authorized_keys file, the execution of a specific command (which retrieves the crypt keys) is enforced. The execution of other commands is not possible. Hence it is not possible to spawn a shell using a client ssh key.

See the command= part in the manual: https://www.freebsd.org/cgi/man.cgi?sshd(8)#AUTHORIZED_KEYS%09FILE_FORMAT

Does this answer your question?
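The forced-command mechanism described above, as an added example that is not part of the cryptboot-ssh project or this thread. It shows one authorized_keys entry per client, each pinned with `command=` plus the no-pty/no-forwarding options, and a forced command that only ever serves the keyfile belonging to the client named in that entry, ignoring whatever command the client asked for (sshd passes that in `SSH_ORIGINAL_COMMAND`). The script path `/usr/local/bin/retrieve_crypto_key`, the key directory `/etc/cryptboot/keys` and the `<client>.key` naming are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not cryptboot-ssh's own code). Assumed layout:
#   /usr/local/bin/retrieve_crypto_key  - the forced command on the key VM
#   /etc/cryptboot/keys/<client>.key    - one keyfile per client

# Build the authorized_keys line for one client's public key.
# $1 = client name, $2 = the client's public key ("type base64 comment").
# Everything after command= is forced: the client's own requested command is
# never run (sshd only exposes it as SSH_ORIGINAL_COMMAND), and no pty,
# port forwarding, agent forwarding or X11 forwarding is granted.
authorized_keys_entry() {
    printf 'command="/usr/local/bin/retrieve_crypto_key %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$1" "$2"
}

# What the forced command does. It serves only the keyfile of the client
# named in the authorized_keys line ($1), never one chosen by the caller.
# $2 = key directory (defaults to the assumed /etc/cryptboot/keys).
serve_key() {
    client="$1"
    keydir="${2:-/etc/cryptboot/keys}"

    # Accept only a plain hostname-like token, so the argument cannot be
    # turned into a path (../other) or into an option (-x).
    case "$client" in
        ''|*[!A-Za-z0-9._-]*|.*|-*)
            echo "invalid client name" >&2
            return 1 ;;
    esac

    # A forced command must not honour the client's requested command;
    # log it for the operator and otherwise ignore it.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "ignored client request: $SSH_ORIGINAL_COMMAND" >&2
    fi

    keyfile="$keydir/$client.key"
    if [ ! -f "$keyfile" ]; then
        echo "no key for $client" >&2
        return 1
    fi
    cat "$keyfile"
}

# Demonstration with constructed keyfiles in a temporary directory.
demo_per_client_isolation() {
    d=$(mktemp -d)
    printf 'constructed-key-for-client1\n' > "$d/client1.key"
    printf 'constructed-key-for-client2\n' > "$d/client2.key"

    echo "authorized_keys entry:"
    authorized_keys_entry client1 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY client1@example"

    echo "client1 asks for client2's key; forced command serves client1 only:"
    SSH_ORIGINAL_COMMAND="cat $d/client2.key" serve_key client1 "$d"

    echo "path traversal in the client name is rejected:"
    if serve_key '../client2' "$d"; then echo "BUG: served"; fi

    rm -rf "$d"
}

demo_per_client_isolation
```

On OpenSSH 7.2 and later the option list can be replaced by the single `restrict` keyword, which disables every forwarding and pty feature at once. The entry is installed in the key VM user's `~/.ssh/authorized_keys`; a stolen client key then yields exactly one keyfile and no shell.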

459below commented 7 years ago

Ah, well, my apologies. I didn't know this directive. Thanks for the clarification. That is good to know. I would suggest, however, to mention that explicitly in the comments on line 150 of README.md somewhere, to emphasize that it has been thought of.

fetzerms commented 7 years ago

Thanks for the feedback and contribution. I added further explanations regarding the command directive.