User Logon and Resource Access


Overview

CoreSSH Server allows users to authenticate using accounts defined in the application or NT User Accounts of the local Windows system or Active Directory domain. This article discusses how the server verifies identities and how authorization is granted for files and folders. For more detailed information on security, authentication mechanisms, or resource access, please see the Online Documentation.

User Logon

CoreSSH Server uses the SSH authentication protocol to accept or reject an authentication attempt for file transfer or remote login. Exactly how the server verifies an identity depends on the type of credentials provided in authentication requests over SSH.

When the provided credentials are for an NT User Account, the server will try to retrieve a security context from the Windows operating system or Domain Controller using the LogonUser API. If the credentials are for a user defined within CoreSSH Server, we will compare the provided credentials with pre-defined values. Technically, we do not compare the passwords directly or store passwords; instead, we use a hash derived from the password.

Resource Access

After the authentication attempt is accepted, users are free to send SFTP packets such as read, write, rename, delete, etc. The packet processing logic will perform the corresponding operation against the storage device.

When the SFTP user is a verified NT User Account, we will perform filesystem access operations using that Windows Identity and return the result of such operations back to the client over SFTP. This means the Windows security mechanisms will grant or deny access to files and folders according to the credentials provided over SFTP.

If the SFTP user is a user account defined within CoreSSH Server, there is no corresponding Windows Identity for the server to use. Instead, we will use the current process identity for resource access and return the result of the operations back to the client over SFTP. This means that virtual users work with files on the server using the identity that the server process is running under.
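
The two access paths described above can be compared side by side in the following added example, which is not CoreSSH Server code. It is a Windows-only C# sketch in which the class and method names (SftpAccessSketch, ReadAsNtUser, ReadAsVirtualUser) and the choice of the network logon type are assumptions made for illustration.

```csharp
// Added example, not CoreSSH Server code. Windows only; all names are hypothetical.
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class SftpAccessSketch
{
    const int LOGON32_LOGON_NETWORK = 3;     // assumed logon type: validate without an interactive session
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // NT User Account path: Windows evaluates the file ACL against the user's token.
    static byte[] ReadAsNtUser(string user, string domain, string password, string path)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error()); // authentication rejected

        using (token)
            return WindowsIdentity.RunImpersonated(token, () => File.ReadAllBytes(path));
    }

    // Virtual user path: no token exists, so the ACL check uses the process identity.
    static byte[] ReadAsVirtualUser(string path) => File.ReadAllBytes(path);

    static void Report(string label, Func<byte[]> read)
    {
        try { Console.WriteLine($"{label}: read {read().Length} bytes"); }
        catch (Win32Exception e) { Console.WriteLine($"{label}: logon rejected ({e.Message})"); }
        catch (UnauthorizedAccessException) { Console.WriteLine($"{label}: access denied by ACL"); }
    }

    static void Main(string[] args)
    {
        // Usage: SftpAccessSketch <user> <domain> <path>
        Console.Write("Password (echoed in this sketch): ");
        string password = Console.ReadLine();
        Console.WriteLine("Process identity: " + WindowsIdentity.GetCurrent().Name);
        Report("NT user", () => ReadAsNtUser(args[0], args[1], password, args[2]));
        Report("Virtual user", () => ReadAsVirtualUser(args[2]));
    }
}
```

Pointing it at a file whose ACL grants the process account but not the test user shows the difference: the first read is denied and the second succeeds. Because virtual users inherit the process identity, the account the server runs under bounds what every virtual user can reach.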

Command Execution

If CoreSSH Server is configured to enable remote command execution through the Enable Shell Access setting, only NT User Accounts will be allowed to create a shell channel to issue commands. Commands will be handled by launching a new process to isolate the shell session from the rest of the server. This ensures that if a command hangs, the server will not stop working.

The new process is created with the identity of the NT User Account, and any subprocesses spawned by this process will inherit the same identity. Windows security mechanisms will be responsible for determining whether a process can obtain the requested access to a resource or perform the requested operation.
