pgen/README.md

105 lines
4.3 KiB
Markdown
Raw Normal View History

2022-06-30 02:22:26 +00:00
# PGen - Client/Server password management over SSH
2022-06-30 00:40:15 +00:00
2022-06-30 02:22:26 +00:00
Repeatable password generation with defacto synchronization using a client and
server model. Actual passwords don't get stored anywhere. They are instead
generated at execution time using a predictable set of rules and parameters to
create extremely strong, programatically generated passwords over a secure SSH
tunnel.
## Work in progress
At the time of writing, the project has barely started and is nowhere near ready
for use.
## Principles of operation
PGen takes a novel approach to password management. It has a simple client and
server model where neither end actually stores the generated passwords.
Authentication to the server is done using keys stored in the SSH Agent. This
allows for offloading the work of providing a keyring or top-quality encryption
to standard SSH utilities.
Given that the user would be expected to protect their SSH keys with at least as
much rigor as any master password, it eliminates the need for a distinct one. Of
course a password protected private key would still be recommended.
The client collects all necessary parameters and then executes a SSH connection
to the server, passing those parameters.
The server is a dedicated user within a chroot housing only the absolute minimum
environment needed execute and then exit. This provides enhanced security by
using only the PGen server script as the shell, so getting access to a login
shell should not be possible.
The necessary parameters collected by the client are included as environment
variables which are forwarded in the SSH session. It supports multiple profiles
by maintaining a separate parameters list for each public key fingerprint.
Given the parameters from the connecting user, the server programatically
generates the passwords and maintains a database of previous configurations. By
maintaining this list it means that any client with the same public public key
fingerprint will have access to the same list. This provides the defacto
syncronization. None of the
Generation uses a strong cipher to hash various parameters, then build the
password from the list of approved characters.
The server will return the password to the client over the tunnel. The client
can then print the password as plain-text for copying, or add it directly to
the clipboard (Xorg or wlroots).
## Installation
Installation is not currently possible, but will be provided through a unified
installation script.
## Usage
Targetted usage would be:
```
$ pgen service_key [options]
```
The `service_key` will be a unique identifier which gets stored on the server
and associated with the relevant settings so that in subsequent runs, the
combination of these settings and parameters provided every time by the client
will be able repeatably generate the same password.
Options and features targetted for an initial release are:
* Plain-text parameter database
* Option to overwrite any individual parameter at run-time without changing
the values in the database
* Option to generate a new password using identical parameters by making a
timestamp be the only parameter that gets updated
* Sufficient warnings before overwriting any changes to the database
* Listing of existing service keys
* Listing of parameters assigned to a key
* Additional security using a salt file. This would result in unique passwords
even when the SSH fingerprint and all other parameters match
* Strong cipher support when actually hashing parameters
* Suitably strong algorithm for converting
* Augmentation rules. Allow for a set of rules to guarantee compatibility. If
a site requires certain special characters, those are not guaranteed to be
included. Instead, declaring an option like "--requireone=&*()" to include
at least one of those listed or "--requirespecial=2" at least 2 of any. Log
these rules for future usage.
* Quick/quite mode. An option to run with a basic set of parameters which
avoids all interactive prompts. Use parameters which should be strong while
also being widely accepted.
* Throwaway mode option. Simply don't store the password parameters.
# Contributing
Contributions are welcome through Gitea at:
https://git.john.me.tz/jpm/pgen
# License and Copyright
Copyright (c) 2022 John Mertz <git@john.me.tz>
Licensed under GPLv2 or later. See LICENSE.