I\'m designing the communication mechanism for end user devices that will commun

Question

I'm designing the communication mechanism for end user devices that will communicate with a row of servers. My current plan is

1. on first run, a device will generate its own SSH key pair (RSA and 4096 bits)
2. the device will transfer its ID and public key via HTTPS (utilizing a valid certificate) to one of the registration servers
3. once confirmed, the device opens a SSH connection to a reg-server and receives the servers public key

Is this a valid approach, or would usage of "Server Authentication with Certificates" (DH key exchange) be the better == more secure way?

Explanation / Answer

Looks good to me. Note that, depending on the cipher list you enable, HTTPS will do a DH key exchange. As long as you trust the SSL implementation on the device and the server, and that you audit the certificate trust list on the device, the connection between the device can be considered secure.

The only thing I'm concerned about is that the device can open an SSH access to the server. Securing SSH is very difficult because you are giving people a shell access (which includes, among other things, the ability to transfer and store files and to execute almost arbitrary programs). If you don't fully trust all the people that might have access to the device, this could be very risky to your server.

Unless you truly need to give people the ability to run arbitrary programs, it would usually be a better to expose a certain predetermined list of resources through a service wrapper, like HTTPS. This gives you more control over the execution of commands on your server.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.