[Bug 2713] Please provide a StrictModes-like setting (command line parameter) for ssh (client)

bugzilla-daemon at bugzilla.mindrot.org
Sat Jul 7 19:28:46 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2713

--- Comment #1 from Sascha Silbe <sascha-openssh-bugs at silbe.org> ---
Since GnuPG 2.1, gpg-agent (in SSH agent emulation mode) doesn't work
with password-less keys anymore so our work-around of feeding the
private key into ssh-add via stdin stopped working.

The refusal of the OpenSSH client to use group-readable private keys is
becoming a real pain; we have to stack up work-around upon work-around.

How the private key should be protected is a matter of threat model and
policy, not a technical matter. It's OK if OpenSSH warns the user about
potentially unsafe permissions _by_ _default_, but it should not
_force_ users to follow the OpenSSH developer's policy that matches the
OpenSSH developer's threat model only.
