ssh-agent too easy to hack

mouring at etoh.eviladmin.org
Wed Jan 16 13:03:59 EST 2002


Umm.. The first of the two.  You'd really piss people off while you are
explaining to them why they have to enter their passphrase AGAIN after
only two minutes.  =)  However I would still prefer a user-definable
period.  Maybe with some reasonable upper limit (12 hours? <shrug>).

- Ben

On Wed, 16 Jan 2002, Tim McGarry wrote:

> So what do you think is the best approach
>
> either
>     give the key an absolute life of eg 2 hours from ssh-add time
> or
>     dump all keys 2 hours after the last request to the agent?
>
> Tim McGarry
>
> ----- Original Message -----
> From: "Markus Friedl" <markus at openbsd.org>
> To: "Kevin Steves" <stevesk at pobox.com>
> Cc: "Tim McGarry" <tim at mcgarry.ch>; <openssh-unix-dev at shitei.mindrot.org>
> Sent: Tuesday, January 15, 2002 10:01 AM
> Subject: Re: ssh-agent too easy to hack
>
>
> > On Mon, Jan 14, 2002 at 09:43:00PM -0800, Kevin Steves wrote:
> > > On Tue, 15 Jan 2002, Tim McGarry wrote:
> > > > :2/ I also think it should have a timeout too, perhaps dumping all keys if
> > > > :the agent is unused for more than 30 mins.
> > >
> > > agent key timeouts would be good (e.g., ssh-add -t 2h).  someone just
> > > needs to propose something and write the code.
> >
> > i'll do.
> >
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
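
The two expiry options listed in the quoted question, together with the user-definable period and upper limit suggested in the reply, modelled as an added example that is not part of the thread and is not OpenSSH code. `ToyAgent`, `simulate`, the key name and the 12-hour cap value are assumptions made for illustration.

```python
# Added illustration: toy model of the two key-expiry policies discussed above.
# Not OpenSSH code; all names here are hypothetical.
from dataclasses import dataclass, field

MAX_LIFETIME = 12 * 3600  # assumed upper limit, after the "12 hours?" suggestion


@dataclass
class ToyAgent:
    policy: str                 # "absolute": fixed life from add time
                                # "idle": dump all keys after inactivity
    lifetime: int               # user-definable period in seconds
    deadlines: dict = field(default_factory=dict)  # key name -> expiry time
    last_request: float = 0.0

    def __post_init__(self):
        if self.policy not in ("absolute", "idle"):
            raise ValueError("policy must be 'absolute' or 'idle'")
        if self.lifetime <= 0:
            raise ValueError("lifetime must be positive")
        self.lifetime = min(self.lifetime, MAX_LIFETIME)  # enforce the cap

    def _expire(self, now):
        # Lazy expiry keeps the model short. A real agent would expire on a
        # timer so key material is wiped even when no request ever arrives.
        if self.policy == "idle":
            if now - self.last_request >= self.lifetime:
                self.deadlines.clear()
        else:
            for name in [n for n, d in self.deadlines.items() if now >= d]:
                del self.deadlines[name]

    def add_key(self, name, now):
        self._expire(now)
        self.deadlines[name] = now + self.lifetime
        self.last_request = now

    def sign(self, name, now):
        """Return True if the key is still loaded when the request arrives."""
        self._expire(now)
        self.last_request = now
        return name in self.deadlines


def simulate(policy, lifetime, request_times):
    """Add one constructed key at t=0, then replay signing requests."""
    agent = ToyAgent(policy, lifetime)
    agent.add_key("id_constructed", 0)
    return [agent.sign("id_constructed", t) for t in request_times]
```

With a two-hour period and requests at 3600, 7000, 9000 and 20000 seconds, the absolute policy refuses the third request while the idle policy keeps the key loaded for as long as requests keep arriving, which is the exposure difference between the two options.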



