PATCH: Support for encrypted host keys
zevweiss at gmail.com
Wed Feb 1 03:25:54 EST 2012
On Jan 31, 2012, at 8:56 AM, Daniel Kahn Gillmor wrote:
> Hi Zev--
> On 01/28/2012 04:25 AM, Zev Weiss wrote:
>> I recently found myself wanting to run sshd with passphrase-protected host keys rather than the usual unencrypted format, and was somewhat surprised to discover that sshd did not support this. I'm not sure if there's any particular reason for that, but I've developed the below patch (relative to current CVS at time of writing) that implements this. It prompts for the passphrase when the daemon is started, similarly to Apache's behavior with encrypted SSL certificates.
> Can i ask what threats you hope to mitigate with this approach? What
> are your concerns about having a cleartext ~/.ssh/known_hosts?
> Also, you might want to file this at https://bugzilla.mindrot.org/, so
> that the suggestion and the patch don't get lost in the mailing list
> archive if they're not immediately accepted or applied.
As Ángel mentioned, this regards server-side /etc/ssh/ssh_host*key files, not ~/.ssh/known_hosts on the client.
As for threat mitigation -- an attacker who was able to read the file, e.g. via some sort of permissions bypass or perhaps a compromised system backup, would not be immediately able to impersonate the host.
Thanks for the bugzilla tip -- now posted at https://bugzilla.mindrot.org/show_bug.cgi?id=1974.
More information about the openssh-unix-dev