[Bug 2713] Please provide a StrictModes-like setting (command line parameter) for ssh (client)
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Jul 7 19:28:46 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2713
--- Comment #1 from Sascha Silbe <sascha-openssh-bugs at silbe.org> ---
Since GnuPG 2.1, gpg-agent (in SSH agent emulation mode) doesn't work
with password-less keys anymore so our work-around of feeding the
private key into ssh-add via stdin stopped working.
The refusal of the OpenSSH client to use group-readable private keys is
becoming a real pain; we have to stack up work-around upon work-around.
How the private key should be protected is a matter of threat model and
policy, not a technical matter. It's OK if OpenSSH warns the user about
potentially unsafe permissions _by_ _default_, but it should not
_force_ users to follow the OpenSSH developer's policy that matches the
OpenSSH developer's threat model only.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list