ssh-agent too easy to hack

Tim McGarry tim at mcgarry.ch
Wed Jan 16 10:43:04 EST 2002


So what do you think is the best approach?

either
    give the key an absolute life of e.g. 2 hours from ssh-add time
or
    dump all keys 2 hours after the last request to the agent?

Tim McGarry

----- Original Message -----
From: "Markus Friedl" <markus at openbsd.org>
To: "Kevin Steves" <stevesk at pobox.com>
Cc: "Tim McGarry" <tim at mcgarry.ch>; <openssh-unix-dev at shitei.mindrot.org>
Sent: Tuesday, January 15, 2002 10:01 AM
Subject: Re: ssh-agent too easy to hack


> On Mon, Jan 14, 2002 at 09:43:00PM -0800, Kevin Steves wrote:
> > On Tue, 15 Jan 2002, Tim McGarry wrote:
> > :2/ I also think it should have a timeout too, perhaps dumping all keys if
> > :the agent is unused for more than 30 mins.
> >
> > agent key timeouts would be good (e.g., ssh-add -t 2h).  someone just
> > needs to propose something and write the code.
>
> i'll do.
>
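
The two policies asked about above behave differently when the agent keeps receiving requests. The following is an added example, not part of the original thread and not OpenSSH code; its types and function names are hypothetical. It simulates a key loaded with a 2-hour lifetime and used every 30 minutes for a day.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
/* Hypothetical types for illustration; not OpenSSH's data structures. */
enum expiry_policy { EXPIRE_ABSOLUTE, EXPIRE_IDLE };
struct agent_key {
    time_t added;     /* when ssh-add loaded the key */
    time_t last_used; /* last request served with the key */
    bool loaded;
};

/* Expired once `lifetime` s have passed since load (absolute) or last use (idle). */
static bool key_expired(const struct agent_key *k, enum expiry_policy p,
                        time_t lifetime, time_t now)
{
    time_t start = (p == EXPIRE_ABSOLUTE) ? k->added : k->last_used;
    return now - start >= lifetime;
}

/* Handle one request at `now`: drop the key if expired, else use it. */
static bool agent_request(struct agent_key *k, enum expiry_policy p,
                          time_t lifetime, time_t now)
{
    if (k->loaded && key_expired(k, p, lifetime, now))
        k->loaded = false; /* a real agent would also wipe the key memory */
    if (!k->loaded)
        return false;
    k->last_used = now;
    return true;
}

/* Constructed scenario: key loaded at t=0, one request every `interval`
 * seconds until `total`. Returns time of the last request served, or -1. */
long last_served(enum expiry_policy p, long lifetime, long interval, long total)
{
    struct agent_key k = { .added = 0, .last_used = 0, .loaded = true };
    long last = -1;
    for (long t = interval; t <= total; t += interval)
        if (agent_request(&k, p, (time_t)lifetime, (time_t)t))
            last = t;
    return last;
}

int main(void)
{
    printf("absolute: %ld\n", last_served(EXPIRE_ABSOLUTE, 7200, 1800, 86400));
    printf("idle:     %ld\n", last_served(EXPIRE_IDLE, 7200, 1800, 86400));
    return 0;
}
```

With the absolute policy the last request served is at 5400 seconds; with the idle policy every request resets the clock, so the key is still usable at 86400 seconds.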



