Darren Tucker dtucker at
Fri Nov 17 09:27:59 EST 2006

Pawel Krupinski wrote:
> One of the problems we are facing is secure storage of
> passwords (database, bestcrypt, other
> applications/systems, …) and availability within
> I'm using ssh agent currently just to manage my keys
> and practically they are used only to provide me with
> SSO to other ssh based systems. Why not use these keys
> (or a separate ssh key pair) to protect passwords to
> things such as database? 

Don't forget that the agent functionality is available on any host that 
you have logged onto with agent forwarding enabled, so anyone 
controlling any one of those hosts can use your agent to decrypt your stuff.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
     usually comes from bad judgement.

More information about the openssh-unix-dev mailing list
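The exposure described in the reply depends on which hosts a client forwards its agent to. The following is an added example, not part of the original message or of OpenSSH: a simplified reading of an `ssh_config` file that reports the hosts for which `ForwardAgent` ends up enabled. The host names and sample config are constructed, and `Match` and `Include` directives are assumed absent (they are not evaluated).

```python
import fnmatch
import re
import shlex

# Constructed sample client config; every host name here is made up.
SAMPLE_CONFIG = """\
Host bastion.example.org
    ForwardAgent yes
Host *.build.example.org !legacy.build.example.org
    forwardagent=yes
Host db.example.org
    ForwardAgent no
Host *
    ForwardAgent no
"""

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})] in file order."""
    blocks = [(["*"], {})]  # options before the first Host apply to all hosts
    for raw in text.splitlines():
        m = re.match(r"([^\s=#]+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((shlex.split(value), {}))
        elif key == "match":
            blocks.append(([], {}))  # not evaluated here: never matches
        else:
            blocks[-1][1].setdefault(key, value)  # first value obtained wins
    return blocks

def matches(host, patterns):
    """A negated (!) pattern match vetoes the block; otherwise any positive match."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def forwards_agent(host, blocks):
    """Effective ForwardAgent for host: first matching block that sets it decides."""
    for patterns, opts in blocks:
        if "forwardagent" in opts and matches(host, patterns):
            return opts["forwardagent"].lower() != "no"
    return False  # the OpenSSH client default is "no"

def hosts_exposing_agent(hosts, config_text=SAMPLE_CONFIG):
    """Subset of hosts that would be able to use the forwarded agent."""
    blocks = parse_blocks(config_text)
    return [h for h in hosts if forwards_agent(h, blocks)]
```

A forwarding request made on the command line with `ssh -A` is not visible to a config-file check like this one.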