[PATCH] Caching passphrase in ssh-add.

David Woodhouse dwmw2 at infradead.org
Tue Jan 9 22:12:21 EST 2001


Markus.Friedl at informatik.uni-erlangen.de said:
>  why. V1-only clients speak V1 only. so what should be compatible? RSA
> keys in SSH2 are different in openssh, since they are used for
> different purposes.

Internally, perhaps. As far as the naïve user (me) is concerned, though, 
they're used for exactly the same purpose - the presence of a private key 
on the client, and the corresponding public key on the server, serves to 
provide authentication to the server. 

Slowly but surely, systems are upgrading to versions of SSH which are
capable of the V2 protocol, and as soon as both ends have done so, the
existing RSA key pairs suddenly stop working. 

Hence the use of matched pairs of keypairs, one RSAv1 and one DSA, to ensure
that it doesn't matter which protocol is used. And the desire to load both
keys into ssh-agent at the same time with the same passphrase, because
conceptually, they're identical - they have exactly the same level of trust,
and protocol version mismatches aside, they provide access to exactly the
same systems.

--
dwmw2






