It is Possible to Create Mechanism to Protect Server Directory With RSA and DSA Key. If RSA Key does not match, the user will not be allowed to access the area. RSA and DSA Keys are Digital Signature. It appears a bit difficult to think about Protecting Server Directory With RSA and DSA Key, but if one thinks carefully, it is a kind of modification of SSH to Server Without Entering Password From Mac (OS X). Actually we can run almost all UNIX Shell commands over HTTP protocol and usually port 80. Port 80 is not powerless! That is basically why SQL Injection is able to run – when combined, they works as I/O. Possibly you have started to think too deeply, not much thought is needed.
Understanding the Basics of Protecting Server Directory With RSA and DSA Key
The topic falls under Identity And Access Management in Cloud Computing. There are many complex, paid solutions are available, like from Oracle :
|
1 |
http://docs.oracle.com/cd/B28196_01/idmanage.1014/b25347/rsa.htm |
Crude example can be access management by some web hosting control panel. In the same way like Oracle, Symantec has a different solution :
---
|
1 |
http://www.symantec.com/business/support/index?page=content&id=HOWTO81144#v7641503 |
So, basically the title Protecting Server Directory With RSA and DSA Key appears quite closer to sci-fi story, but we use in many situations where extra security layer is needed. Cassava allows WordPress to act as a single sign-on authenticator using versions 1.0 and 2.0 of the Central Authentication Service (CAS) protocol. There are plugins too :
|
1 |
http://wordpress.org/plugins/wp-cas-server/ |
The last one is not exactly what we are talking about – but one thing becomes quite clear, even WordPress like general purpose CMS or blogging software are now equipped with almost industry’s standard identity management, another for security enforcement :
|
1 |
http://wordpress.org/plugins/wpclef/ |
Clef uses 2048-bit RSA keys. So with dirty PHP, actually it is possible to make the directory somewhat secure. It would take 6.4 quadrillion years to crack a 2048-bit (the length of Public and Private, industry standard) using a brute force method. May be you’ll be interested to read about phpseclib :
|
1 |
http://phpseclib.sourceforge.net/ssh/compare.html |
Protecting Server Directory With RSA and DSA Key
As the things are difficult to manage with lot of users, the Universities uses ssh-agent globally for X session. X server launch an ssh-agent for the entire X session by default for the login, this avoids the chance of DNS Poisoning.
If you read these two old guides for the end users :
|
1 2 |
http://upc.lbl.gov/docs/user/sshagent.shtml http://old-en.opensuse.org/Using_ssh-agent_globally_for_X_session |
In fact, you can enable WordPress SSH access to install, update WordPress and WordPress plugins :
|
1 2 3 4 5 6 7 8 9 10 11 12 |
# we assumed that you are root user on deb based linux apt-get install libssh2-php # for normal LAMP server installation; php.ini file is located at : # /etc/php5/apache2 # can be seen by running this command # php --ini # Edit nano /etc/php5/apache2/php.ini # activate or add this line extension=ssh2.so # restart apache2 sudo /etc/init.d/apache2 restart |
Not only hostname, username, password etc. things; with this settings, WordPress will also ask for Public Key and Private Key. This is an example of forcing a plain PHP MySQL web software to use the key pairs.
Tagged With how to protect rsa keys?