Use of non-user readable (null password) private keys
Damien Miller
djm at mindrot.org
Wed Mar 28 09:31:42 EST 2001
On Tue, 27 Mar 2001, Piete Brooks wrote:
> > Example:
> ...
> > Security has now been compromised.
>
> Sure -- I can see how having user private keys readable is not a good idea.
>
> What I want is the *ABILITY* to have public `capabilities' which can
> perform a fixed operation (e.g. prod a server) which is `harmless'.
You should consider using multiple keys with forced commands. i.e.
have each user generate and supply the public key to you. On the server
enter the public keys into the authorized_keys{,2} file with
restrictions:
command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAABfJtMq9ljkcsuEy3q6xGMGAAAIEAyUcRmH00888pLqzb+UFZFF3oSjL3vcIlzTVW0b8UtfYHjZkfeQd2tl0KuIK8ilf8FrulOWSYBNHVpv8ZyxPqW01OatuZm9cxKWDMV/uukJFrTWQS3NzaC1yc2EAAzNJHEbH369HEAAGXSB8wDeypUWYP9WKKNFjkhltOBIw= user at somewhere.org
You can then lock individual users out without making everyone change key.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
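
An added example, not part of the original message or of OpenSSH: a small Python audit that parses authorized_keys lines and reports keys lacking a forced command or the forwarding restrictions shown in the reply above. The sample entries, key blobs and addresses are constructed placeholders, and treating the newer `restrict` option as covering the three `no-*` options is an assumption beyond what the post discusses.

```python
# Added example, not from the original post: audit authorized_keys restrictions.
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''\
command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER1 alice@example.org
command="echo \\"a, b\\"",no-port-forwarding ssh-rsa AAAAPLACEHOLDER2 bob@example.org
ssh-rsa AAAAPLACEHOLDER3 carol@example.org
'''

def parse_entry(line):
    """Return (options, key_type, comment) for one authorized_keys line."""
    opts, rest = {}, line.strip()
    if not rest.startswith(KEY_PREFIXES):
        fields, cur, in_quote, i = [], "", False, 0
        # The options field ends at the first whitespace outside double quotes.
        while i < len(rest) and (in_quote or rest[i] not in " \t"):
            ch = rest[i]
            if ch == "\\" and in_quote and rest[i + 1:i + 2] == '"':
                cur, i = cur + '"', i + 1      # \" is a literal quote in the value
            elif ch == '"':
                in_quote = not in_quote
            elif ch == "," and not in_quote:   # commas inside quotes do not split
                fields, cur = fields + [cur], ""
            else:
                cur += ch
            i += 1
        for f in fields + [cur]:
            name, eq, value = f.partition("=")
            opts[name.lower()] = value if eq else None
        rest = rest[i:].strip()
    parts = rest.split(None, 2)
    return opts, parts[0] if parts else "", parts[2] if len(parts) > 2 else ""

def audit(text):
    """Return [(comment, [problems])] for entries that are too permissive."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _, comment = parse_entry(line)
        problems = [] if opts.get("command") else ["no forced command"]
        if "restrict" not in opts:             # assumption: restrict implies the no-* set
            problems += sorted("missing " + o for o in REQUIRED - set(opts))
        if problems:
            findings.append((comment, problems))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```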