Use of non-user readable (null password) private keys
Piete Brooks
Piete.Brooks at cl.cam.ac.uk
Wed Mar 28 00:20:01 EST 2001
>> Executive summary: Why can I not have a private key which is `public' ?
> is this a good idea?
The *ABILITY* to do it is -- yes.
>> Is this bug intended as a feature ? [ :-) ]
> feature.
:-(
> many ppl are confused by private/public distinction and
> are starting to change permissions for all kinds of files.
Users -- who'd have 'em ? :-(
> however it's a bad idea to have the private key group or world readable,
For a normal user's key, of course.
But not for a capability you want to grant to a number of people.
> this is why openssh ignores the key.
This is why openssh should warn people that what they are doing is an anomaly
and might not be as intended.
I would rather that it were not impossible to do by setting some flag to say
`this capability is known not to be read protected'.
> perhaps we should allow group-readable private keys?
In general, no.
> but i really don't like the idea.
Agreed.
However, I'd like to be *ABLE* to do it. Consulting adults and all that ...