OpenSSH and Smartcard
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Sun Apr 3 03:01:35 EST 2005
On Sat, Apr 02, 2005 at 05:08:35PM +0200, Boris von Alten Blaskowitz wrote:
> I have I bad feeling with the ssh-agent. For example:
> A intruder can send every kind of data(email text) during a user
> session to the ssh-agent and this will be signed .
Check out the -c parameter to ssh-add, -agent will verify each
signature when you add keys with it, however..
> Another is, that root kan switch to my account and has also access
> to my ssh-keys on the smartcard.
..if you do not trust the host system through which you are sending
your PIN code to the card, you should take care of that issue first.
//Peter
More information about the openssh-unix-dev
mailing list