Use of non-user readable (null password) private keys

Damien Miller djm at
Wed Mar 28 09:31:42 EST 2001

On Tue, 27 Mar 2001, Piete Brooks wrote:

> > Example:
> ...
> > Security has now been compermised.
> Sure -- I can see how having user private keys readable is not a good idea.
> What I want is the *ABILITY* to have public `capabilities' which can
> perform a fixed operation (e.g. prod a server) which is `harmless'.

You should consider using multiple keys with forced commands. i.e.
have each use generate and supply the public key to you. On the server
enter the public keys into the authorized_keys{,2} file with

command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAABfJtMq9ljkcsuEy3q6xGMGAAAIEAyUcRmH00888pLqzb+UFZFF3oSjL3vcIlzTVW0b8UtfYHjZkfeQd2tl0KuIK8ilf8FrulOWSYBNHVpv8ZyxPqW01OatuZm9cxKWDMV/uukJFrTWQS3NzaC1yc2EAAzNJHEbH369HEAAGXSB8wDeypUWYP9WKKNFjkhltOBIw= user at

You can then lock individual users out without making everyone change key.


| Damien Miller <djm at> \ ``E-mail attachments are the poor man's
|          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list