deslogind.1

一个使用des加密传输的unix下的login程序的服务器端和客户端

.\" @(#) $RCSfile$ $Revision: 1.5 $ $Date: 94/06/14 11:59:48 $
.TH DESLOGIND 1  14-Jun-94
.ds )H David A. Barrett
.ds ]W Rev. 1.1 Jun 1994
.SH NAME
deslogind \- daemon for deslogin
.SH SYNOPSIS
.B deslogind
.B \[\-dnc\]
.B \[\-f
.I userFile\]
.B \[\-l
.I logFile\]
.B \[\-w
.I name\]
.B \[\-p
.I port\]
.br
.in 15
.B \[\-k
.I cipherKey\]
.B \[\-i
.I inactiveSecs\]
.B \[\-t
.I loginSecs\]
.SH DESCRIPTION
.PP
.I Deslogind\^
is the daemon for the 
.I deslogin(1)
program, a secure DES authenticated and encrypted login service.
This deamon may be run from inetd, or in a standalone fashion.  When
invoked, it posts a listen(2) on the specified port.  When a connection request 
arrives, it authenticates the remote user and starts up a new login session 
for the user.  All subsequent data transmitted between the session 
and the remote host is encrypted using the United States Data Encryption 
Standand in cipher-feedback mode using a unique key for each session.  
Authentication is 
performed using a challenge-response protocol that does not transmit passwords 
over the network.  Pass phrases are used for authentication rather than the 
eight-character passwords of
.I login(1).
User names and passphrases are looked up in a file which has been DES
encrypted by the 
.I cipher(1)
program.  A gateway service to allow access through a firewall is 
also available (see 
.I deslogingw(1)).
.SS Options
.PP
.TP 12
.BI \-f\ userFile
Specifies the encrypted file containing user passphrases
(Default: /usr/local/etc/netlogind.users).
Each
line of the file is an 8-character username, a tab, then a passphrase
containing any number of 7-bit characters.
Lines beginning with a pound "#" character are comments.
Use the
.I cipher(1)
program to create the encrypted userFile from your plaintext.  Use the
-d option with
.I cipher 
to view the encrypted userFile.  Make sure to destroy the
plaintext once you've verified the encrypted copy is decipherable.
.TP
.BI \-k 
Specify a phrase used as the key for decrypting the userFile.
If the
.BI \-k 
option is not used, 
.I netlogind
requests one when it is invoked.  
Don't use the 
.I -k
option except for debugging and testing: the command line 
is visable to any user with the 
.I ps(1)
command.
.TP
.BI \-c
Don't prompt for a userFile cipher key. Use the compiled default.
Use this option when you must invoke 
.I deslogind
without human intervention (say from inetd).  Don't use this option
if the executable file for 
.I deslogind
is readable by sufficiently determined hostile users.
.TP
.BI \-n
The userFile is plaintext.  Don't prompt for a userFile cipher key.
You shouldn't put userFile where it's readable by hostile users.
.TP
.B  \-d
enable debug output (can't be used by attacker to compromise keys)
Use more -d's to get more output.  Debug levels greater than 1 prevent
any forking of the process which allows use of a debugger.
.TP
.BI \-l\ logFile
Specifies a file for recording connection, login, and logout statistics.
(Default: /usr/adm/netlogind.log)
.TP
.BI \-i\ inactiveSecs
An integer specifying the number of seconds of inactivity before the
session is terminated (default: 20 minutes).  This is a security feature
to reduce the probability that an unattended remote session can be exploited
by an intruder at the remote site.
.TP
.BI \-t\ loginSecs
An integer specifying the number of seconds to wait for a response after
issuing the challenge (default: 60 seconds).  The remote user must be
able to type the passphrase correctly within this time period including
network delays.
.TP
.BI \-w\ name
Run as a wrapper to login.  A single system-wide passphrase must
be in userFile under the name argument givin with the -w option.  
Successful authentication invokes the login program instead of a user shell.
.TP
.BI \-p\ port
An integer specifying the TCP port number used to listen for requests.
If none is given, /etc/services is consulted.  If the deslogin service
isn't present, 3005 is used.
.SH WARNINGS
.PP
The method used to encrypt the userFile could be better.  It's only appropriate
for machines which don't have "sufficiently determined" hostile local users.
A sufficiently determined hostile user is one who can examine the run-time 
data segment of another user's deslogind process.
They could then look for the internal data structure holding the
binary form of the hashed userFile cipher key.  Armed with the binary key, 
they could obtain and modify the source code for
.I cipher 
to accept the binary data as input and use it to read and decrypt the
userFile.  Some protection is given by statically linking and stripping
.I deslogind
and by ensuring
.I deslogind
and the userFile are owned by root, and not readable (or writable) by other users.  
.PP
Changing the passphrase requires decrypting the userFile using the
.I cipher(1)
program, editing the cleartext in a secure local directory from a secure
local session, re-enciphering, and overwriting the entire plaintext file.
.SH AUTHENTICATION PROTOCOL
.PP
.I Deslogind
uses a "challenge-response" protocol to authenticate users.  
Upon connection, the remote host sends a line containing the remote user
name, then another giving the login name for the local user.
.I Deslogind
looks up local user name in the userFile
and retrieves the corresponding passphrase which is hashed to produce the
user's DES authentication key. An "unpredictable" 64-bit nonce is 
generated by using the user's authentication key with DES in ECB mode 
to encrypt the (LSB zero-padded) output of time(2) and getpid(2).
.I Deslogind
then encrypts this nonce with the user DES key and sends 
it as the challenge to the remote machine.
The remote
.I deslogin
prompts the user for a passphrase which is hashed into a DES key
used to decipher the challenge and send back the 64-bit "response".  
.I Deslogind 
compares the response with the nonce; if they're equal, 
authentication succeeds and a unique session 
key is generated by encrypting the challenge with the user's DES key.  
The authentication keys are destroyed by both hosts, and the session key 
is then used to encrypt all other data transferred.
.SH NOTE
.PP
.I Deslogind
does not require root permission to be useful.
Regular users may create their own
userFiles, encrypt them with cipher, and give appropriate options to
.I deslogind
to allow remote login to their account from remote mechines traversing
untrusted networks.  This is especially useful when you will be away
from work and want to be able to access your machine in a safe manner
from another trusted site (your home, say).  When used in this manner,
you cannot became any user other than the owner of 
.I deslogind.
.PP
For example, the user "martha" on the host "uunet" could do the following:

.PP
.RS
$ cipher >$HOME/deslogind.users
.br
Input Key:
.br
Verify Key:
.br
martha		My simple passPhrase
.br
$ deslogind -l ~/deslogind.log -f ~/userFile -p 2010
.br
UserFile cipher key: 
.br
.RE
.PP
She can now login from a remote machine by the command:
.PP
.RS
.br
$ deslogin martha@uunet:2010
.br
Pass Phrase:
.br
uunet $
.br
.ne 7
.SH ENVIRONMENT
.PP
The following environment variables are set by
.I deslogind:
.TP 10
.B  LOGNAME
The authenticated local user name
.TP
.B  USER
Same value as LOGNAME (for BSD users)
.TP
.B  HOME
The home directory as taken from /etc/passwd
.TP
.B  SHELL
The login shell as taken from /etc/passwd
.TP
.B  PATH
Where to look for executables.  Set to ":/bin:/usr/bin".
.TP
.B  TZ
The timezone of the host where deslogind is running.
.TP
.B  MAIL
The location of the user's maildrop (HP-UX only).  
Set to "/usr/mail/$LOGNAME". 
.TP
.B  TERM
The terminal type.  Set to "network" so login scripts can
test for this value and reset it appropriately.
.TP
.B  RHOSTNAME
The name of the remote host which connected to 
.I deslogind.  
This information is reliable only to the extent that the domain name 
system (DNS) and TCP are trustworthy.  Use with caution.
.PP
Unlike rlogin,
.I deslogind
does not pass any environment variables, such as TERM, from the
remote host.  This is both a liability and a security feature.   How much
trust should the local host place in information derived from the remote
host?  Passing enviroment variables can be dangerous and complex.

.SH MISSING FEATURES
.PP
A program to change passphrases, add, and delete users.
.PP
A better security method for the userFile should be designed.
.SH ACKNOWLEDGEMENTS
.PP
Comments and improvements will be greatly appreciated and should be 
directed to the author:
.PP
David A. Barrett (barrett@asgard.cs.Colorado.EDU)
.PP
Copyright 1994 by David. A. Barrett.
.PP
This program is not to be distributed for profit or included in such
software without written permission from the author.
No permission is required for non-profit use.

.SH FILES
.ta 4i
/usr/local/etc/deslogind.users	default userFile
.ta 4i
/usr/adm/deslogind.log		default log file
.ta 4i
/etc/services			to determine TCP port
.ta 4i
/etc/nologin			disabled login message
.ta 4i
/etc/passwd			for user id, gid, home, shell
.ta 4i
/etc/group			for supplementary group id's
.ta 4i
/etc/utmp			active user sessions
.ta 4i
/etc/wtmp			log of user sessions
.ta 4i
/dev/tty			to get userFile cipherKey
.ta 4i
/dev/pty*			session controlling terminal
.ta 4i
/bin/login			program invoked by -w option
.DT
.SH SEE ALSO
cipher(1),
inetd(1m),
rlogind(1),
telnetd(1),
deslogin(1),
deslogingw(1),
login(1).
.\" index	\fIdeslogind\fR \- DES authenticated encrypted login daemon\s-2DESLOGIN\s+1(1)\s+1
.\"
.\" toc	\s-2DESLOGIND\s+1(1)\s+1:\0\0\fIdeslogind\fR 	 deslogin daemon