RFC: encrypted hostkeys patch

Zev Weiss zev at bewilderbeest.net
Wed Jun 26 13:18:10 EST 2013

On Tue, Jun 25, 2013 at 09:29:19PM +1000, Damien Miller wrote:
> On Mon, 24 Jun 2013, Zev Weiss wrote:
> > Hi,
> > 
> > About a year and a half ago I brought up the topic of encrypted hostkeys
> > and posted a patch
> > (http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
> > general reaction seemed receptive to the idea, a few problems were pointed
> > out with the implementation (UI issues, ssh-keysign breakage).
> > 
> > I've finally had some spare time in which to get back to this, and I've
> > written a new patch which has the daemon talking to an ssh-agent for
> > private key operations, as suggested in the previous conversation -- the
> > current version of the patch can be found below.
> Wow - thanks! This was on my list of things to do and I'm very glad
> that you beat me to it.
> Could I ask you to create a bug at https://bugzilla.mindrot.org/ and
> attach your patch and the below comments there so we can track and review
> them?

Sure -- I've resurrected the existing bugzilla entry from my earlier
attempt: https://bugzilla.mindrot.org/show_bug.cgi?id=1974

(I'll add further stuff there, unless an entirely new entry is actually

