OpenSSH daemon security bug?
Ben Lindstrom
mouring at eviladmin.org
Wed Jan 6 03:11:38 EST 2010
On Jan 5, 2010, at 9:37 AM, Davi Diaz wrote:
>> co-worker wrote:
>>> You cannot distinguish passphrased keys from passphraseless ones.
>
> Is there any way to detect from sshd whether a private key has a passphrase or
> not?
>
> That would allow adding a configuration option to be able to reject keys which
> do not have passphrases? That would be a security enhancement for OpenSSH.
In a word "no"... Because the server never sees the private key. The client handles the decrypting if there is a need.
- Ben
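
Added example, not part of the original message and not OpenSSH code: since the passphrase only encrypts the key file held by the client, the check has to run where that file is stored. This Python function reads the cleartext header of a private key file (legacy PEM, PKCS#8, and the later openssh-key-v1 container, which goes beyond the format discussed in the thread) and reports whether it is encrypted; the function names and sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def _ssh_str(b):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(b)) + b

def key_is_encrypted(text):
    """Return True if the private key file text is passphrase-protected."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted form
        return True
    if label == "OPENSSH PRIVATE KEY":        # openssh-key-v1 container
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)
        cipher = blob[off + 4:off + 4 + n]    # first field: ciphername
        return cipher != b"none"
    # Legacy PEM (RSA/DSA/EC): encryption is announced in an RFC 1421 header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:])

def make_sample_v1(cipher, kdf):
    """Constructed openssh-key-v1 file with dummy key material (not a usable key)."""
    blob = (MAGIC + _ssh_str(cipher) + _ssh_str(kdf) + _ssh_str(b"")
            + struct.pack(">I", 1)
            + _ssh_str(b"dummy-public") + _ssh_str(b"dummy-private"))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample: legacy PEM headers with a dummy body (not a usable key).
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

ZHVtbXk=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print("v1, no passphrase:", key_is_encrypted(make_sample_v1(b"none", b"none")))
    print("legacy, passphrase:", key_is_encrypted(LEGACY_ENCRYPTED))
```

None of these header fields are sent during public key authentication, so the same check cannot be made from sshd.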
More information about the openssh-unix-dev mailing list