ssh-add: local private keys added to forwarded agents
Dave Ryan
dave at ugc.org.uk
Thu Jun 6 01:25:59 EST 2002
[ I am on the list, would you mind removing me from future replies? thanks. ]
Nicolas.Williams at ubsw.com said the following on Wed, Jun 05, 2002 at 10:58:37AM -0400,
>
> The behaviour you describe does not violate the [draft] specification. Clearly, many (most!) SSH users do not store keys in smartcards or any other kind of removable media, and noone claims such behaviour to be in violation of the [draft] spec. Note the word "ideally" in the spec text you quote.
Ok, I think you are confused, I was not referring to storage on smartcards (I
should probably have cut the kruft out).
I was pointing out:
The goal of this extension is to ensure that the users private keys
never leave the machine they are physically at.
Which (as you qualified yourself) is something that might be worth protecting
against.
> Also, your statement about the agent socket names is incorrect. It is "ls -F" that is adding that '=' to the end of the socket name.
Correct, I forgot I had -F aliased in my .profile. Thanks for pointing this
out.
> But I am not making such a proposal. I'm big enough to keep track of and
> know which sessions are which and which sessions have forwarded agents and
> which don't.
Like I said an addition to the man page would probably be sufficient,
surely its wrong to assume everyone is as big as you?
Thanks.
--
ugc Security Research
http://www.ugc.org.uk/~dave
More information about the openssh-unix-dev
mailing list