[luau] Linux POS/Cash Register Terminal Image

Ray Strode halfline at hawaii.rr.com
Tue May 28 13:20:01 PDT 2002


> We were thinking about putting a unique DSA private key (without a
> passphrase) onto each flash disk.  That would be the unique identifier for
> each cash register, using DSA private/public authentication for the login
> into an SSH account on the server.  This should work out great because it
> would be nearly impossible to spoof, and cash registers cannot accidentally
> log into the wrong SSH account.
Okay, I have some questions first about the setup.  How are cashiers
logged in? This is a question concerning the server software.  Is it
just a normal server and regular telnetd is running? If so we can just
use ssh as a drop-in replacement.  Does it have its own proprietary
telnet server running? If so we are going to have to set up an ssh
tunnel.

Now questions about your proposal.  Is each ssh account tied to the
register or cashier?  This is sort of related to the paragraph above.  E.g.,
Is cashier authentication and authorization being handled by
counterpoint or by the server running counterpoint?  If counterpoint
doesn't handle cashier authentication on its own then we should probably
associate a password with each key.  If we do assign a password to each
key, I do /NOT/ think ssh-agent would be a good idea.

So are we going to be running login on the registers?  I don't see the
point, although if counterpoint doesn't support cashier authentication
then we should probably write a small frontend (curses) for ssh.

> For further control we could tie the SSH account and keypair to a static IP
> address (also embedded in the flash disk).  
I only like that idea if the ssh accounts are tied to registers and not
cashiers.  In other words, I don't think it would be too great if a
cashier could only use one register on the whole system.

> Perhaps we could also have the server enforce logins from that IP, account and 
> keypair only from a certain MAC address.
MAC address spoofing is so trivial, I don't see any added security from
doing this.  

--Ray
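
Added example, not part of the original message or of the setup it describes: one way a server admin could audit the per-register key and static-IP idea discussed above, assuming each register account has an OpenSSH `authorized_keys` file and that the IP pinning is done with its `from=` option. The account names, addresses and key blobs are constructed.

```python
import ipaddress
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")

def split_unquoted(text, is_sep):
    """Split text at separator characters that are outside double quotes."""
    parts, cur, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if is_sep(ch) and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur] if cur else parts

def parse_line(line):
    """Return (options dict, key blob) for one authorized_keys line."""
    fields = split_unquoted(line, str.isspace)
    opts = {}
    if not fields[0].startswith(KEY_TYPES):  # leading field is the options list
        for opt in split_unquoted(fields.pop(0), lambda c: c == ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')
    return opts, fields[1]

def audit(accounts):
    """accounts maps account name -> authorized_keys text; returns findings."""
    findings, owner = [], {}
    for account, text in accounts.items():
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue
            opts, blob = parse_line(line)
            try:  # absent, wildcard, list and hostname patterns all fail here
                ipaddress.ip_address(opts.get("from", ""))
            except ValueError:
                findings.append((account, "from= missing or not one literal IP"))
            if owner.setdefault(blob, account) != account:
                findings.append((account, "key shared with " + owner[blob]))
    return findings

# Constructed sample: three register accounts with placeholder key blobs.
SAMPLE = {
    "reg01": 'from="192.0.2.11",no-port-forwarding ssh-dss AAAAexampleREG01 register-01',
    "reg02": 'ssh-dss AAAAexampleREG02 register-02',
    "reg03": 'from="192.0.2.*" ssh-dss AAAAexampleREG01 register-03',
}
```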



