[Bug 2054] New: Environment fails to provide cryptographic identity of remote party
bugzilla-daemon at mindrot.org
Mon Dec 24 01:50:09 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=2054
Bug ID: 2054
Summary: Environment fails to provide cryptographic identity of remote party
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Hardware: All
OS: All
Status: NEW
Keywords: low-hanging-fruit, needs-release-note
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: walter.stanish at gmail.com

I am implementing a system that has a number of near-identical cloud
nodes connect back to a single system. Each node has the central
system's host key pre-loaded, and the central system likewise has the
remote host keys pre-loaded. This basic key distribution and network
connectivity all works fine, and as expected.

The problem is that the 'shell' program that executes when the cloud
nodes connect needs to reliably determine the identity of the remote
party, and the obvious place to do this is from sshd-initialized
environment variables. Unfortunately, it seems that there is no way to
determine the remote party's cryptographic identity using environment
variables at present. This causes issues in my application, which needs
to relay the identity information to the application but does not wish
to either (1) create separate Unix-level users for each remote host, or
(2) trust the remote host's application-level claims to a given
identity.

I am therefore requesting that the OpenSSH development team consider
adding a new environment variable, e.g. SSH_REMOTE_KEY, that corresponds
to some kind of public key identifier for the remote party.