ssh-add: local private keys added to forwarded agents
Darren Moffat
Darren.Moffat at Sun.COM
Thu Jun 6 01:55:42 EST 2002
>Snippet from draft-ietf-secsh-agent-00.txt:
>
>2. Security Considerations
>
> This protocol is designed only to run as a channel of the SSH
> protocol.
>
> The goal of this extension is to ensure that the users private keys
> never leave the machine they are physically at. Ideally the private
> keys should be stored on a password protected removable media such as
> a smartcard.
>
>I noticed that ssh-add will add a private key to a forwarded agent, if
>there are no local agents started by that user - this breaks the draft
>specification as private keys on a local host are added to an agent
>running on a remote host.
Since that draft is very much a work in progress and OpenSSH doesn't
claim compliance with it, I don't think it is fair to hold them to it.
The draft at this point is a very rough cut of thoughts in my head; you
will also note that, as far as technical details go, it is completely content
free in revision -00.txt.
Note also that it does say "Ideally", not MUST or SHOULD or any other RFC 2026
keywords.
--
Darren J Moffat
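The behaviour reported at the top of this thread (ssh-add talking to whatever socket SSH_AUTH_SOCK names, which inside a login session may be a forwarded agent) is easy to guard against with a wrapper. The script below is an added example for this page, not code from the original post or from OpenSSH. The detection heuristic is an assumption: a session where sshd has set SSH_CONNECTION, SSH_AUTH_SOCK is set, and the user runs no ssh-agent of their own on this host is treated as "the only agent here is forwarded", which is precisely the situation in which ssh-add would push a local private key to the remote end. The function and variable names (agent_is_forwarded, guarded_ssh_add, SSH_ADD_ALLOW_FORWARDED) are invented for the example.

```shell
#!/bin/sh
# Added example (not from the original thread or from OpenSSH): a guard to
# run in place of `ssh-add`, refusing to load a local private key into an
# agent socket that was forwarded into this session rather than started here.
#
# Heuristic (an assumption, not an OpenSSH guarantee): we are inside an SSH
# login (sshd sets SSH_CONNECTION), SSH_AUTH_SOCK is set, and the calling user
# owns no ssh-agent process on this host. In that case the socket can only be
# a forwarded one, and any key added would live in the agent at the far end.

# agent_is_forwarded CONNECTION AUTH_SOCK LOCAL_AGENT_COUNT
#   Prints "forwarded" or "local"; exit status 0 when forwarded, 1 otherwise.
#   Inputs are passed explicitly so the decision can be exercised offline.
agent_is_forwarded() {
    conn=$1
    sock=$2
    agents=$3
    if [ -n "$conn" ] && [ -n "$sock" ] && [ "${agents:-0}" -eq 0 ]; then
        echo forwarded
        return 0
    fi
    echo local
    return 1
}

# count_local_agents: number of ssh-agent processes owned by the calling user.
count_local_agents() {
    pgrep -u "$(id -u)" -x ssh-agent 2>/dev/null | wc -l | tr -d ' '
}

# guarded_ssh_add [ssh-add args...]
#   Refuses when the only reachable agent looks forwarded, unless the caller
#   sets SSH_ADD_ALLOW_FORWARDED=1 (a hypothetical opt-in for this example).
guarded_ssh_add() {
    if agent_is_forwarded "$SSH_CONNECTION" "$SSH_AUTH_SOCK" \
            "$(count_local_agents)" >/dev/null; then
        if [ "${SSH_ADD_ALLOW_FORWARDED:-0}" != 1 ]; then
            echo "refusing: SSH_AUTH_SOCK=$SSH_AUTH_SOCK looks like a forwarded agent;" \
                 "the key would be added to the agent on the remote end" >&2
            return 2
        fi
    fi
    ssh-add "$@"
}
```

Sourcing this file and calling `guarded_ssh_add ~/.ssh/id_ed25519` from an interactive login gives the refusal message when no local agent exists; running `eval "$(ssh-agent -s)"` first makes count_local_agents non-zero and the wrapper then behaves like plain ssh-add. The heuristic errs on the side of refusing: a locally started agent whose process name is not exactly `ssh-agent` will also be reported as forwarded.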
More information about the openssh-unix-dev mailing list