[Bug 1914] New: ssh-add: add an option to cryptographically verify if agent can access the matching private key of a given public key
bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 10 21:37:04 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1914
Summary: ssh-add: add an option to cryptographically verify if
agent can access the matching private key of a given
public key
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh-add
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: kb at open.ch
Created attachment 2055
--> https://bugzilla.mindrot.org/attachment.cgi?id=2055
Patch
I need to cryptographically verify if a given key is loaded into the
agent.
The patch adds the option "-v pubkey" which allows ssh-add to do the
same public key authentication procedure as done by sshd. This means it
sends a challenge to the agent which must return a valid signature. It
does not just "believe" the agent as checking the output of "ssh-add
-L" would do.
Use case:
For remote access, the user logs in from home. First a one-time-password
is used to authenticate the user via PAM. Then we want to check if the
user has his key loaded into the ssh-agent. Currently we do this by a
ForcedCommand which opens another ssh session, where the key is used
for authentication. We would like to do that test directly in the
ForcedCommand script.
The patch is based on 5.8p2 and implements that feature for ssh1 and
ssh2, contains regression tests and updates the man page.
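
The difference between believing the agent's key listing and demanding a signature over a fresh challenge, modelled in Python. This is an added example, not the attached patch and not OpenSSH code. The toy RSA key, the HonestAgent and LyingAgent classes and the listed/verified functions are constructed for illustration and do not speak the real agent protocol.

```python
import hashlib
import os

# Constructed toy RSA key built from two well-known public primes.
# Illustration only: the factors are public, so this key protects nothing.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8            # modulus length in bytes
PUB = (N, E)

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(msg):
    """EMSA-PKCS1-v1_5 encoding of msg as an integer."""
    t = PREFIX + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

class HonestAgent:
    """Hypothetical agent that really holds the private key."""
    def list_keys(self):
        return [PUB]
    def sign(self, pub, data):
        return pow(encode(data), D, N) if pub == PUB else None

class LyingAgent(HonestAgent):
    """Hypothetical agent that lists the key but cannot sign with it."""
    def sign(self, pub, data):
        return int.from_bytes(os.urandom(K - 1), "big")

def listed(agent, pub):
    """Weak check: believe the agent's own listing."""
    return pub in agent.list_keys()

def verified(agent, pub):
    """Strong check: demand a valid signature over a fresh random challenge."""
    n, e = pub
    challenge = os.urandom(32)
    sig = agent.sign(pub, challenge)
    if sig is None or not 0 <= sig < n:
        return False
    return pow(sig, e, n) == encode(challenge)

if __name__ == "__main__":
    for agent in (HonestAgent(), LyingAgent()):
        print(type(agent).__name__, listed(agent, PUB), verified(agent, PUB))
```

Both agents pass the listing check; only the one that holds the private exponent passes the challenge.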