Use of non-user readable (null password) private keys

Jason Stone jason at
Wed Mar 28 08:33:47 EST 2001


>> Executive summary: Why can I not have a private key which is `public' ?

> is this a good idea?
> many ppl are confused by private/public distinction and are starting
> to change permissions for all kind of files.

Yes, it's probably a bad idea, but there are times when it can be useful,
and the badness can be mitigated (command-squashing on the server side,
eg), especially if the key is publicly readable but still encrypted.

Yes, users sometimes don't know what they're doing - but that's no excuse
to deny some feature.  At the very least, allow a

"UNIX wasn't designed to keep you from doing stupid things, because that
would keep you from doing clever things."

> You can perform this action by not starting ssh directly but
> by starting an intermediate executable which
> - Checks if the calling user is allowed to perform that specific action.
> - Sets uid to the uid which owns the ssh private key for that action.
> - Calls in turn ssh to perform the action.

I think that this would be much worse, as any time you start cooking up
setuid binaries you start to weaken the whole system.


 If the Revolution comes to grief, it will be because you and those you
 lead have become alarmed at your own brutality.         --John Gardner



More information about the openssh-unix-dev mailing list