ssh-agent decrypt
Stephen Harris
lists at spuddy.org
Tue Nov 20 10:46:24 AEDT 2018
On Tue, Nov 20, 2018 at 10:35:06AM +1100, Damien Miller wrote:
> 0) AFAIK nobody has ever asked before :)
> 1) Not all SSH key algorithms support decryption, e.g. ECDSA and Ed25519
> are signature-only. Only RSA allows decryption without abusing the key.
> 2) It's generally frowned upon to use the same key for encryption and
> signing.
Also note that the authentication key may be weaker than the channel
encryption key; e.g. an RSA2048 bit key is only the equivalent of 112 bits
of symmetrical key strength.
So it's not clear this provides any advantage over just using the existing
encrypted channel.
--
rgds
Stephen