Imagine storing your private files on a computer that can only be accessed via Bitcoin keys, and then losing those keys and bricking the server because that was the only way in. Because you deleted the root account.

Bummer. There used to only be one person physically capable of accessing that server. And now there are zero.

Learn how to store your own Bitcoin keys. They could be more useful than you think.


Discussion

You could boot from a USB drive and access the disk as root

Say you take out all other boot options other than the hard disk/motherboard. I think a brickable computer has a lot of advantages.

Replace the BIOS flash chip and you’re good

Or physically remove the SSD and plug it into another

What you are looking for is full disk encryption

If you know the password you can still access the disk and reset the root password. But otherwise data is unusable without it

And it has the advantage that you can wipe it easily (delete the header and entire disk is useless, only thing you can do is reformat)

I like it, because you have to resort to having physical access to the machine to restore any amount of access.

If you have one account, where you replaced the ssh password with a script that issued a challenge token you have to digitally sign with a Bitcoin key and no root account, I think you can effectively bar remote access otherwise.

That is, Bitcoin's signature standard has a whole industry focused on securing private keys. So it would be technically better than a password or preshared key. Even though those would effectively do the same thing.

Thanks for sharing

Is this a hypothetical scenario or do we actually have a system like this available?

Hypothetical, but working with a coding chatbot, I came up with a way to modify the ssh login flow to only allow the Bitcoin signature for login. I need to make it work on a virtual machine or something to see if it's at all viable.

Interesting

That won't work. You will need to use full disk encryption. Otherwise, I can just plug your HD into another computer and have full access to your files. Several Linux distros support this. Windows sort of supports it, but it sucks and can be cracked.

That's great, because you can direct unlimited resources to physically secure the hardware. But what I really want is to physically secure the remote side by making it just as physically costly to obtain the signing keys as well.

So what I'm wondering is if there's any issue with the only two pieces of information on the wire being a random message to the client and the signed random message to the server in order to establish an ssh connection.

Good news. This works great and you already have the software necessary to do it: ssh. It supports signing in with a key instead of a password. Not sure if it works with Bitcoin keys, but it's better to use a separate key anyway. You don't want a compromise of your server to also cost you your life savings.

An ssh private key is still on the remote machine, but only readable by your user.

What I want is for that key to be airgapped. And multisig. And everything else you can do to secure, say, a Bitcoin key that only has access to a 1000 sat utxo on chain, but that utxo buys you access to a server. To make it physically impossible to steal or spoof that key.

That's the normal way of doing things, but it's not the only way. The key is only needed for connection setup. After that, a newly generated 'session key' is used for communication. You could create a custom client that used external keys for authentication. There is probably already an ssh client that can use an external signing device, but I would be surprised if an airgapped version exists. I don't know how complicated the protocol setup is, but I would guess it takes more than two steps.

Anyway, since you are opening an on-going control connection, an attacker only has to hijack your computer to gain access. Air gaps don't really gain you anything in this case. Bitcoin is much more limited in the scope of what needs to be signed, so it's much easier to air gap.

say again? why is the private key on a remote?

Sorry I was talking from the server's perspective, accepting connections from remote clients.

Still not sure if I understand the flow.

It's probably easiest to write a pam plugin.

That's my plan actually. The plugin hooks into the password flow, sends a challenge token and expects the signed message back, and authorizes the connection. A talk with AI gave me the configuration code and steps, I just need to do it on a VM and see if it works.

I don't get it. You have an ssh key (ed25519, which is also an elliptic cypher), so why a bitcoin key? You should have separate keys for separate things/accounts anyway.

Because softwar.

The idea is move the signing process offline just to establish the authority of the client to access the server. So that any hacker operating purely in cyberspace has no chance of entry. And any hacker operating irl has walls and guns between them and their target.

In fact, if you needed even more security because, say, the server won't accept any data to establish an ssh channel, but it knows your xpub, you would need to, for example, move your utxo to the next address in your npub with a challenge token attached to the transaction. The server sees that block get mined, get 6 blocks deep, and only then gives you access.

still pam plugin