ssh-add: local private keys added to forwarded agents

Ed Phillips ed at UDel.Edu
Thu Jun 6 02:05:07 EST 2002


On Wed, 5 Jun 2002, Darren Moffat wrote:

> Date: Wed, 5 Jun 2002 08:55:42 -0700 (PDT)
> From: Darren Moffat <Darren.Moffat at Sun.COM>
> To: dave at ugc.org.uk
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: ssh-add: local private keys added to forwarded agents
>
> >Snippet from draft-ietf-secsh-agent-00.txt:
> >
> >2. Security Considerations
> >
> >   This protocol is designed only to run as a channel of the SSH
> >   protocol.
> >
> >   The goal of this extension is to ensure that the users private keys
> >   never leave the machine they are physically at.  Ideally the private
> >   keys should be stored on a password protected removable media such as
           ^^^^^^
           ||||||

Maybe you should change this word to "could" or "would" or something
else...

	Ed

> >   a smartcard.
> >
> >I noticed that ssh-add will add a private key to a forwarded agent, if
> >there are no local agents started by that user - this breaks the draft
> >specification as private keys on a local host are added to an agent
> >running on a remote host.
>
> Since that draft is very much a work in progress and OpenSSH doesn't
> claim compliance with it - I don't think it is fair to hold them to it.
>
> The draft at this point is a very rough cut of thoughts in my head, you
> will also note that as far as technical details it is completely content
> free in revision -00.txt.
>
> Note also that it does say Ideally not MUST or SHOULD or any other RFC2026
> keywords.
>
> --
> Darren J Moffat
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key
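The concern raised in the thread is that ssh-add will load a local private key into a forwarded agent when no local agent is running. As an added example (not code from this thread or from OpenSSH), here is a small Python client for the agent protocol that asks an agent for the identities it holds, so you can audit from inside a remote session whether a key with a local path in its comment has ended up in the forwarded agent at $SSH_AUTH_SOCK. The sample answer bytes, the dummy key and the comment string are constructed.

```python
import base64
import hashlib
import socket
import struct

# Message numbers from the SSH agent protocol as OpenSSH implements it.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def _ssh_string(b):
    """Encode bytes as an SSH 'string': uint32 big-endian length + payload."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf, off):
    """Decode one SSH 'string' at offset off; returns (payload, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def parse_identities_answer(msg):
    """Parse an SSH_AGENT_IDENTITIES_ANSWER body (outer length already
    stripped) into a list of (SHA256 fingerprint, comment) pairs."""
    if not msg or msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an SSH_AGENT_IDENTITIES_ANSWER")
    (nkeys,) = struct.unpack_from(">I", msg, 1)
    off, ids = 5, []
    for _ in range(nkeys):
        blob, off = _read_string(msg, off)     # public key blob
        comment, off = _read_string(msg, off)  # key comment, usually a path
        fp = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=")
        ids.append(("SHA256:" + fp.decode(), comment.decode(errors="replace")))
    return ids


def list_agent_identities(sock_path):
    """Ask the agent behind sock_path (normally $SSH_AUTH_SOCK) what it holds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
        # MSG_WAITALL makes recv block until the full length arrives.
        (length,) = struct.unpack(">I", s.recv(4, socket.MSG_WAITALL))
        return parse_identities_answer(s.recv(length, socket.MSG_WAITALL))


# Constructed sample answer: one ssh-ed25519 identity with a dummy 32-byte key.
SAMPLE_ANSWER = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                 + _ssh_string(_ssh_string(b"ssh-ed25519") + _ssh_string(b"\x01" * 32))
                 + _ssh_string(b"alice@laptop:~/.ssh/id_ed25519"))
```

Running `list_agent_identities(os.environ["SSH_AUTH_SOCK"])` on the remote host and comparing the comments and fingerprints with `ssh-add -l` on the local machine shows whether a local key was added to the forwarded agent.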