Use of non-user readable (null password) private keys

mouring at mouring at
Wed Mar 28 03:48:51 EST 2001

On Tue, 27 Mar 2001, Piete Brooks wrote:

> > Example:
> ...
> > Security has now been compromised.
> Sure -- I can see how having user private keys readable is not a good idea.
> What I want is the *ABILITY* to have public `capabilities' which can perform a
> fixed operation (e.g. prod a server) which is `harmless'.

It really sounds like you want the extended filesystem ACLs provided by
most commercial UNIX filesystems.  That would outskirt the whole 'this
key is globally public' but granting extended rights for a limited
number of users to use the key.

For Solaris look at:

man getfacl
man setfacl

- Ben

More information about the openssh-unix-dev mailing list