Use of non-user readable (null password) private keys

Piete Brooks Piete.Brooks at
Wed Mar 28 00:20:01 EST 2001

>> Executive summary: Why can I not have a private key which is `public' ? 
> is this a good idea?

The *ABILITY* to do it is -- yes.

>> Is this bug intended as a feature ?   [ :-) ] 
> feature.


> many ppl are confused by private/public distinction and
> are starting to change permissions for all kind of files.

Users -- who'd have 'em ?  :-(

> however it's a bad idea to have the private key group or world readable,

For a normal user's key, of course.

But not for a capability you want to grant to a number of people.

> this is why openssh ignore the key.

This is why openssh should warn people that what they are doing is an anomaly 
and might not be as intended.

I would rather that it were not impossible to do by setting some flag to say 
`this capability is known not to be read protected'.

> perhaps we should allow group-readable private keys?

In general, no.

> but i really don't like the idea.


However, I'd like to be *ABLE* to do it.  Consulting adults and all that ...

More information about the openssh-unix-dev mailing list