ssh-agent decrypt
Peter Moody
mindrot at hda3.com
Tue Nov 20 12:17:38 AEDT 2018
> So it's not clear this provides any advantage over just using the existing
> encrypted channel.
Well in this case there isn't necessarily an existing encrypted ssh
channel b/c i'm presenting the cert (well, a cert-backed message) to
something other than sshd, so it could be over just about any
transport protocol.
but all of these are valid points for why something like this already
in ssh-agent. as I said, moronic monday, at least in pst. :)
> Actually, you don't need any extensions to do this - you can get
> the pubkey from the agent directly
yeah, getting the pubkey is no problem. it's getting access to the
private key to do the decryption.
Cheers,
peter
More information about the openssh-unix-dev
mailing list