[PATCH] Caching passphrase in ssh-add.
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Tue Jan 9 22:21:01 EST 2001
i don't understand your point? what do you want?
you want to share passphrases, this is no problem for me.
you want to cache passphases? i think this is a bad idea
but i might be wrong.
but how is this related to SSH-2 RSA keys?
right now, RSA keys for SSH-2 are different from RSA keys
in SSH-1, since there might be some problems/attacks if a key
used for encryption is now reused for signing.
-markus
On Tue, Jan 09, 2001 at 11:12:21AM +0000, David Woodhouse wrote:
> Markus.Friedl at informatik.uni-erlangen.de said:
> > why. V1-only clients speak V1 only. so what should be compatible? RSA
> > keys in SSH2 are different in openssh, since they are used for
> > different purposes.
>
> Internally, perhaps. As far as the naïve user (me) is concerned, though,
> they're used for exactly the same purpose - the presence of a private key
> on the client, and the corresponding public key on the server, serves to
> provide authentication to the server.
>
> Slowly but surely, systems are upgrading to versions of SSH which are
> capable of the V2 protocol, and as soon as both ends have done so, the
> existing RSA key pairs suddenly stop working.
>
> Hence the use of matched pairs of keypairs, one RSAv1 and one DSA, to ensure
> that it doesn't matter which protocol is used. And the desire to load both
> keys into ssh-agent at the same time with the same passphrase, because
> conceptually, they're identical - the have exactly the same level of trust,
> and protocol version mismatches aside, they provide access to exactly the
> same systems.
>
> --
> dwmw2
>
More information about the openssh-unix-dev
mailing list