OpenSSH daemon security bug?

Ben Lindstrom mouring at eviladmin.org
Wed Jan 6 03:11:38 EST 2010


On Jan 5, 2010, at 9:37 AM, Davi Diaz wrote:

>> co-worker wrote:
>>> You cannot distinguish passphrased keys from passphraseless ones.
> 
> Is there any way to detect from sshd whether a private key has a passphrase or 
> not?
> 
> That would allow adding a configuration option to be able to reject keys which 
> do not have passphrases?  That would be a security enhancement for OpenSSH.

In a word "no"... Because the server never sees the private key.  The client handles the decrypting if there is a need. 

- Ben
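
[Added example, not part of the original message and not OpenSSH project code: a check with ssh-keygen that a passphrase changes only the private key file on the client, while the public key that sshd stores and verifies against stays identical. The key names, temp directory and passphrase are constructed sample values.]

```shell
#!/bin/sh
# Constructed demo: one ed25519 key pair, stored once without and once with a
# passphrase. Everything lives in a throwaway temp directory.

# Print the "type base64-blob" pair that would go into authorized_keys.
# $1 = private key file, $2 = passphrase ('' for none)
pub_of() {
    ssh-keygen -y -P "$2" -f "$1" </dev/null | cut -d' ' -f1,2
}

# Returns 0 when the two private files differ on disk, the second one really
# needs its passphrase, and both still yield the same public key.
compare_keys() {
    dir=$(mktemp -d) || return 2
    rc=1

    # 1. Key with an empty passphrase.
    ssh-keygen -q -t ed25519 -N '' -C demo -f "$dir/plain" || { rm -rf "$dir"; return 2; }

    # 2. Same key material, private file re-encrypted under a passphrase.
    cp -p "$dir/plain" "$dir/locked"
    ssh-keygen -q -p -P '' -N 'constructed-passphrase' -f "$dir/locked" \
        >/dev/null || { rm -rf "$dir"; return 2; }

    plain_pub=$(pub_of "$dir/plain" '')
    locked_pub=$(pub_of "$dir/locked" 'constructed-passphrase')

    if cmp -s "$dir/plain" "$dir/locked"; then
        rc=1    # files identical: the passphrase was not applied
    elif ssh-keygen -y -P '' -f "$dir/locked" </dev/null >/dev/null 2>&1; then
        rc=1    # locked key opened without its passphrase
    elif [ -n "$plain_pub" ] && [ "$plain_pub" = "$locked_pub" ]; then
        rc=0    # same public key: the server side has nothing to tell apart
    fi

    rm -rf "$dir"
    return "$rc"
}

compare_keys && echo "same public key with and without a passphrase"
```
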


More information about the openssh-unix-dev mailing list