new option ssh-add -v to verify if key is loaded into the agent
Eitan Adler
lists at eitanadler.com
Sat Apr 9 04:02:08 EST 2011
> My problem is that the agent is not under my control. So I could just
> believe what he is telling me (output of ssh-add -L). But I would like
> to verify that he is not lying. So this patch verifies cryptographically
> with challenge/response that the agent has really loaded the private
> key, identical to the public key authentication via ssh-agent.
Giving an agent outside of your control access to your private key is
not a smart thing to do.
--
Eitan Adler
More information about the openssh-unix-dev
mailing list