>
> Hello Olaf,
>
> ssh -l root hostname 'reboot'
>
> But, I see you want something that will get to the kernel
> and the above is user-space. Why not use a ssh 'like'
> approach ? The packet -must- have come from a known host(s)
> and -must- come from a trusted 'user' . the ssh package
> already has this functionality, it would be nice to see
> this used and not rebuild the wheel . Tia
>
Actually, one could load a module which would add a /proc/securerebootkey
and echo public_key_file > /proc/securerebootkey.. A special ping program
would ping the box w/ special flags on the packet and the responce would
contain a challange. The pinger would sha the challange and sign it with
the private key that the target host has the public key loaded with and
return it..
The signature test would mostlikely not take up much memory.. However a
DOS attack could be attempted because it will take some CPU.. SHA hashing
is already in the kernel..
Anyone outside the US wanna impliment it? (IS diffie helman (no longer
patented in the us) capible of doing signatures? I'm too lazy to pickup my
applied crypt and check it out)..