Use of non-user readable (null password) private keys
Jason Stone
jason at dfmm.org
Wed Mar 28 08:33:47 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> Executive summary: Why can I not have a private key which is `public' ?
> is this a good idea?
> many ppl are confused by private/public distinction and are starting
> to change permissions for all kind of files.
Yes, it's probably a bad idea, but there are times when it can be useful,
and the badness can be mitigated (command-squashing on the server side,
eg), especially if the key is publicly readable but still encrypted.
Yes, users sometimes don't know what they're doing - but that's no excuse
to deny some feature. At the very least, allow a
"-o I_REALLY_KNOW_WHAT_IM_DOING" flag.
"UNIX wasn't designed to keep you from doing stupid things, because that
would keep you from doing clever things."
> You can perform this action by not starting ssh directly but
> by starting an intermediate executable which
>
> - Checks if the calling user is allowed to perform that specific action.
> - Sets uid to the uid which owns the ssh private key for that action.
> - Calls in turn ssh to perform the action.
I think that this would be much worse, as any time you start cooking up
setuid binaries you start to weaken the whole system.
-Jason
---------------------------
If the Revolution comes to grief, it will be because you and those you
lead have become alarmed at your own brutality. --John Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE6wRVOswXMWWtptckRAlW+AKCkhmuvHJQ1pMA5vCBemAyz+PArVQCgoDio
FQjRo33szPURRfDVfam7p8Y=
=aCFW
-----END PGP SIGNATURE-----
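The server-side command-squashing mentioned in the message, as an added example that is not part of the original post or of OpenSSH itself. The script path, the `run` argument and the two permitted actions are assumptions; `command=`, the `no-*` options and `SSH_ORIGINAL_COMMAND` are standard sshd features.

```shell
#!/bin/sh
# Forced-command wrapper for a key whose private half is widely readable.
# Assumed install path: /usr/local/bin/squash-shared-key
# Matching ~/.ssh/authorized_keys entry on the server (one line, key is a placeholder):
#   command="/usr/local/bin/squash-shared-key run",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <PUBLIC-KEY-PLACEHOLDER> shared-key
# sshd ignores whatever the client asked to run, starts this script instead,
# and passes the client's request only as text in $SSH_ORIGINAL_COMMAND.

# squash_action REQUEST
# Map the client's request to a fixed action name. Only exact matches pass;
# nothing supplied by the client is ever executed or word-split.
squash_action() {
    case "$1" in
        "uptime")       echo uptime ;;
        "df"|"df -k")   echo disk ;;
        *)              echo deny; return 1 ;;
    esac
}

main() {
    # An interactive login sends no command; the empty request is denied too.
    action=$(squash_action "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "this key may only run: uptime, df" >&2
        exit 1
    }
    case "$action" in
        uptime) exec uptime ;;
        disk)   exec df -k ;;
    esac
}

# Only act when invoked the way the authorized_keys entry invokes it.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Anyone holding the key can still run the permitted actions, so the allowlist should contain only operations that are acceptable for every user who can read the key file.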