pkcs and host keys

Damien Miller djm at mindrot.org
Sat Sep 3 11:06:03 EST 2011


On Thu, 1 Sep 2011, Benjamin Myers wrote:

> Hi Damien,
> 
> I see in your asia bsdcon presentation you mentioned the possibility
> of storing host keys in PKCS #11.  I'm interested in using a usb rsa
> fob for host keys and am interested in this feature.  What's the
> current status?  As you said:  root compromise != persistent hostkey
> theft.

No, I haven't started working on it yet for lack of smartcard hardware.
I (or someone else) will probably get around to it sooner or later, but
it will go quicker if I can get a supported USB smartcard on OpenBSD.

-d


More information about the openssh-unix-dev mailing list