Remote access between computers on Windows-based operating systems using the RSA authentication algorithm
16 March 2011, 11:53
In this post I want to share an implementation of additional user authentication for access to a Windows computer via Remote Desktop, using the RSA algorithm.

Task


Provide access to the remote computer only to specific users.

Habr users will surely say right away that the built-in authentication methods can be used to restrict access. I agree, but the customer did not accept those terms, citing keystroke loggers, passwords and the like.

So I proposed to him authentication using an asymmetric algorithm.


Idea


Components:
1. A generator of the public key (PK) and secret key (SK);
2. A server part, which runs once Windows authentication has been passed and waits for the SK;
3. A client part, which sends the SK to the server part.

Implementation


Step One

A VPN connection to the terminal was set up.

Step Two - Setting up the remote computer

1. Install the server part;
2. Generate the PK and SK;
3. Deny everyone except the user who runs the server part permission to read or edit the key file;
4. In the user's environment settings for Remote Desktop sessions, specify that the server part must start immediately when the user logs on:


Let me say more about the server part, or rather about what happens after it starts.
First of all, it disables mouse movement and ignores keyboard input. The user can work freely on their own computer, but the remote terminal ignores the user's actions until the user sends it the correct SK. The timeout is 3-5 minutes. If the SK has not been sent within that time, the server logs the user off the remote desktop.
If the SK is correct, the user is granted access.

Step Three - Setting up the user's computer

1. Install the client part;
2. Set up Remote Desktop;
3. Copy the SK to removable media.

How it works


The user opens a Remote Desktop session and passes Windows authentication:


After that, our server immediately starts the server part, which blocks any action, sends the client an array of random bytes (the plaintext), and starts a 3-5 minute timer.

The user starts the client part, points it at the secret key with which the plaintext is encrypted, and sends the encryption result to the server.
The server decrypts the ciphertext using the PK and compares it with the plaintext.

Whether the key matched or not, this information is shown to the user on screen. In this case the SK matched, and the user can work on the remote computer.
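
The server-side behaviour described under Step Two and the exchange described above, as an added example that is not part of the original post and not the author's own code: a minimal model of the challenge-response built from the Python standard library only, with textbook RSA. The 128-byte modulus and the timeout are the post's figures; the function names, the 32-byte challenge length and the Miller-Rabin key generation are assumptions.

```python
import secrets
from math import gcd

def is_probable_prime(n, rounds=32):  # Miller-Rabin test, adequate for a demo key
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):  # force the top bit and oddness, then test candidates
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keypair(modulus_bytes=128, e=65537):
    """Step Two of the post: public key (n, e) and secret key (n, d), 128-byte modulus."""
    while True:
        p, q = random_prime(modulus_bytes * 4), random_prime(modulus_bytes * 4)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1 and n.bit_length() == modulus_bytes * 8:
            return (n, e), (n, pow(e, -1, phi))

def server_challenge(length=32):  # server side: random plaintext sent right after logon
    return secrets.token_bytes(length)

def client_respond(challenge, secret_key):
    """Client side: 'encrypt' the plaintext with the SK (this is a raw RSA signature)."""
    n, d = secret_key
    return pow(int.from_bytes(challenge, "big"), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def server_verify(challenge, response, public_key, sent_at, now, timeout=300):
    """Server side: reject once the timer has expired, else decrypt with the PK and compare."""
    if now - sent_at > timeout:
        return False
    n, e = public_key
    recovered = pow(int.from_bytes(response, "big"), e, n)
    return recovered == int.from_bytes(challenge, "big")
```

Note that "encrypting with the secret key" is an unpadded RSA signature; a production deployment would use a padded signature scheme such as RSA-PSS over the challenge rather than raw modular exponentiation.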


Features


  • Key length: 128 bytes
  • Any port can be used
  • Logging is available


Where it can be used

You can restrict access to your own computer or, as in this situation, between offices in different locations.

I will post the source code in the evening.

UPD: Judging by the comments, it may not have been clear to Habr readers why all this was done. A small digression:
yes, this can be implemented with other technologies, but the main problem, indeed the requirement that was put forward, was fast deployment on a new machine and access for a specific user, not a specific computer. Yes, restricting access by IP is possible, but the human factor would still be present. In my case it is present too, but it reduces the losses from the SK being passed on to a third party.
Added by: w1zard