[PATCH] Caching passphrase in ssh-add.

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Jan 9 22:21:01 EST 2001


i don't understand your point? what do you want?
you want to share passphrases, this is no problem for me.
you want to cache passphrases? i think this is a bad idea
but i might be wrong.

but how is this related to SSH-2 RSA keys?

right now, RSA keys for SSH-2 are different from RSA keys
in SSH-1, since there might be some problems/attacks if a key
used for encryption is now reused for signing.

-markus

On Tue, Jan 09, 2001 at 11:12:21AM +0000, David Woodhouse wrote:
> Markus.Friedl at informatik.uni-erlangen.de said:
> >  why. V1-only clients speak V1 only. so what should be compatible? RSA
> > keys in SSH2 are different in openssh, since they are used for
> > different purposes.
> 
> Internally, perhaps. As far as the naïve user (me) is concerned, though, 
> they're used for exactly the same purpose - the presence of a private key 
> on the client, and the corresponding public key on the server, serves to 
> provide authentication to the server. 
> 
> Slowly but surely, systems are upgrading to versions of SSH which are
> capable of the V2 protocol, and as soon as both ends have done so, the
> existing RSA key pairs suddenly stop working. 
> 
> Hence the use of matched pairs of keypairs, one RSAv1 and one DSA, to ensure
> that it doesn't matter which protocol is used. And the desire to load both
> keys into ssh-agent at the same time with the same passphrase, because
> conceptually, they're identical - they have exactly the same level of trust,
> and protocol version mismatches aside, they provide access to exactly the
> same systems.
> 
> --
> dwmw2
> 





More information about the openssh-unix-dev mailing list