Use of non-user readable (null password) private keys
Corinna Vinschen
vinschen at redhat.com
Wed Mar 28 00:38:43 EST 2001
On Tue, Mar 27, 2001 at 02:11:08PM +0100, Piete Brooks wrote:
> Executive summary: Why can I not have a private key which is `public' ?
You can perform this action by not starting ssh directly but
by starting an intermediate executable which
- Checks if the calling user is allowed to perform that specific action.
- Sets uid to the uid which owns the ssh private key for that action.
- Calls in turn ssh to perform the action.
Corinna
>
>
> Gory details ....
>
> I'm new to openssh. I've been using ssh for years. However, I'm in the process
> of investigating RH 7.* (0.91 at the moment) and am wanting to be as
> `standard' as possible, so trying openssh.
>
> I looked on http://www.openssh.com/list.html but could not find a list for
> "general OpenSSH discussion", but this was the closest match, so I'll call it
> a bug :-)
>
> We use a client/server model with no `user' accounts on servers.
> There are certain operations which a user may require to run with certain
> privs, and we use ssh to do this. The capability may be given to an individual
> user (user-only-readable in their .ssh/), a group (using UN*X group semantics)
> or may be accessible to all users of a particular machine or set of machines
> (e.g. when a user changes their password, a process is woken up on the
> password server).
>
> This all worked fine under ssh, but under openssh load_private_key() does a
> if ((st.st_mode & 077) != 0) {
> and then complains that it is readable and won't use it. (it says "It is
> recommended that your private key files are NOT accessible by others." but
> appears to implement somewhat more than a `recommendation' !)
>
> Is this bug intended as a feature ? [ :-) ]
>
> I can see no code to disable this test [ other than setting HAVE_CYGWIN and
> writing a check_ntsec() which returns FALSE :-) ]
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
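A wrapper of the kind described in the reply above, added here as an example (it is not code from this thread or from OpenSSH). It is meant to be installed setuid to the account that owns the key, and the account name, group name, key path, host and remote command are assumptions:

```c
#define _DEFAULT_SOURCE 1
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
/* All names below are assumptions for this example, not from the thread. */
#define KEY_OWNER   "sshaction"                  /* account owning the 0600 key */
#define ALLOWED_GRP "pwchange"                   /* group allowed to run the action */
#define KEY_PATH    "/home/sshaction/.ssh/action_key"
#define TARGET_HOST "passwd-server.example"     /* placeholder host */
#define MAX_GROUPS  256

/* Policy check: is the allowed group among the caller's supplementary groups? */
int caller_allowed(const gid_t *groups, int ngroups, gid_t allowed_gid)
{
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == allowed_gid)
            return 1;
    return 0;
}
/* Set real and effective uid to the key owner. ssh drops to the real uid before
 * reading the key, so both must change; setreuid allows this for a setuid binary. */
int become_key_owner(uid_t key_uid)
{
    if (geteuid() != key_uid) return -1;        /* not installed setuid KEY_OWNER */
    if (setreuid(key_uid, key_uid) != 0) return -1;
    return (getuid() == key_uid && geteuid() == key_uid) ? 0 : -1;
}

int main(void)
{
    struct group  *gr = getgrnam(ALLOWED_GRP);
    struct passwd *pw = getpwnam(KEY_OWNER);
    gid_t groups[MAX_GROUPS];
    int n = getgroups(MAX_GROUPS, groups);      /* caller's groups; unaffected by setuid */
    if (gr == NULL || pw == NULL) { fprintf(stderr, "wrapper: unknown user/group\n"); return 1; }
    if (n < 0 || !caller_allowed(groups, n, gr->gr_gid)) {
        fprintf(stderr, "wrapper: caller not permitted\n");
        return 1;
    }
    if (become_key_owner(pw->pw_uid) != 0) { perror("wrapper: uid switch"); return 1; }
    /* Fixed command line and minimal environment: the caller controls neither. */
    char *argv[] = { "ssh", "-i", KEY_PATH, "-o", "BatchMode=yes",
                     TARGET_HOST, "wake-password-sync", NULL };
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve("/usr/bin/ssh", argv, envp);
    perror("wrapper: execve");
    return 1;
}
```

Installing the binary with mode 4750 and group ALLOWED_GRP lets the filesystem enforce the same group check before the code runs.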