[Bug 1974] Support for encrypted host keys
bugzilla-daemon at mindrot.org
Fri Jul 5 19:44:34 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=1974
Markus Friedl <markus at openbsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |markus at openbsd.org
--- Comment #3 from Markus Friedl <markus at openbsd.org> ---
(In reply to Zev Weiss from comment #2)
> djm's mailing list reply:
>
> > I think it is down to adding another ssh_config option to configure a well-
> > known agent socket for ssh-keysign or making ssh-keysign read sshd_config
> > too. The latter might be desirable, since then it could detect which keys
> > are actually in use. That being said, making it read ssh_config would be
> > more flexible if people ran multiple ssh instances on their hosts. Maybe
> > there is some third option that hasn't occurred to me...

problems:
1) calling both readconf() for ssh_config and sshd_config
   easy fix: rename struct options for either client or server config
2) however: I don't like the idea of having ssh-keysign
   run the parser code while running w/ uid 0
   we should avoid running that much code in a setuid tool...
perhaps just disallow ssh-keysign for ssh-agent-setups :)