Use of non-user readable (null password) private keys

[Pete Chown]

Piete Brooks wrote:

> Executive summary: Why can I not have a private key which is
> `public' ?

Every time I use OpenSSH I seem to get caught out by the permission
checks.  I use umask 002 and my private files are all in a private
group.  This way I don't accidentally deny others access when I work
on shared material.  But OpenSSH doesn't like mode 775...

> We use a client/server model with no `user' accounts on servers.
> There are certain operations which a user may require to run with
> certain privs, and we use ssh to do this.

You could use the agent.  I've just tried and it doesn't look as
though ssh checks permissions on the socket directory.  This would
also have the nice feature that users couldn't copy the key.  You
would therefore be able to revoke access from one user without
revoking the key for the whole group.

-- 
Pete