openssh keys in ldap
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Tue Jul 17 18:12:20 EST 2001
On Tue, Jul 17, 2001 at 09:03:58AM +0100, Doug E Manton wrote:
> My personal preference is the exact opposite approach. Stick the private
> key onto some kind of smartcard. The ideal smartcard would run the
> SSH-agent itself and never reveal the key to anyone, you just initialise
> it with your passphrase before use -- and when you unplug it or a timeout
> occurs, it forgets the key and prompts upon next use.
There is limited support for this in OpenSSH on OpenBSD-current.
You don't need to run the agent on the smartcard, but you can
hide the card behind the agent, and even use the card remotely.
-m