[Bug 2054] New: Environment fails to provide cryptographic identity of remote party

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Dec 24 01:50:09 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=2054

            Bug ID: 2054
           Summary: Environment fails to provide cryptographic identity of
                    remote party
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Hardware: All
                OS: All
            Status: NEW
          Keywords: low-hanging-fruit, needs-release-note
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: walter.stanish at gmail.com

I am implementing a system that has a number of near-identical cloud
nodes connect back to a single system.  Each node has the central
system's host key pre-loaded, and the central system likewise has the
remote host keys pre-loaded.  This basic key distribution and network
connectivity all works fine, and as expected.

The problem is that the 'shell' program that executes when the cloud
nodes connect needs to reliably determine the identity of the remote
party, and the obvious place to do this is from sshd-initialized
environment variables.  Unfortunately, it seems that there is no way to
determine the remote party's cryptographic identity using environment
variables at present. This causes issues in my application, which needs
to relay the identity information to the application but does not wish
to either (1) create separate unix-level users for each remote host, or
(2) trust the remote host's application-level claims to a given
identity.

I am therefore requesting that the OpenSSH development team consider
adding a new environment variable, eg. SSH_REMOTE_KEY, that corresponds
to some kind of public key identifier for the remote party.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list