openssh keys in ldap

jeff mcelroy jmcelroy at dtgnet.com
Tue Jul 17 08:04:45 EST 2001


Pekka Savola wrote:

> On Mon, 16 Jul 2001, jeff mcelroy wrote:
> >     How about placing the user's private keys on an ldap server and retrieving
> > them with a patched ssh-add?  If the ldap connection is encrypted (ssl) and if
> > we assume the ldap server is secure, are there any obvious security issues with
> > this?
>
> .. to curtail possible flaws, if this was done, this should only be
> possible with keys which have non-NULL passphrase.
>
> My brain keeps shouting: "Bad idea! Bad idea!" though.

    If the keys stay encrypted (not counting ssl) until ssh-add decrypts them (in the
same manner that it decrypts the private keys off the filesystem), would we need to
trust the LDAP server or transport protocol?  What problems would we encounter with
this?

Jeff McElroy
jmcelroy at dtgnet.com
