[Bug 1974] New: Support for encrypted host keys
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 1 03:22:09 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=1974
Bug #: 1974
Summary: Support for encrypted host keys
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: zevweiss at gmail.com
Created attachment 2125
--> https://bugzilla.mindrot.org/attachment.cgi?id=2125
Patch to implement support for encrypted host keys in sshd
(Copy/paste from this post to the mailing list:
http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2)
I recently found myself wanting to run sshd with passphrase-protected
host keys rather than the usual unencrypted format, and was somewhat
surprised to discover that sshd did not support this. I'm not sure if
there's any particular reason for that, but I've developed the
[attached] patch (relative to current CVS at time of writing) that
implements this. It prompts for the passphrase when the daemon is
started, similarly to Apache's behavior with encrypted SSL
certificates.
My initial implementation instead operated by passing the passphrase
along to the rexec child, but I decided I thought it was slightly nicer
to decrypt the key once and pass it along rather than redoing it every
time. I can send the previous version if that would be preferred
though -- this key-passing version does have some resulting ugliness in
its handling of options.num_host_key_files, as described in a comment
in the patch.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list