[Bug 3155] openssh support hostkey encrypt

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Apr 27 11:21:27 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3155

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
First, you might be interested in sshd's support for ssh-agent. This
allows you to do what you want without modifying sshd. Basically you
need to load your hostkeys into an ssh-agent and tell sshd to use it
via the HostKeyAgent directive.

In answer to your question: in theory yes, but there are two problems.

1) Where would the passphrase come from? It would need to be supplied
each time sshd is started (e.g. at reboot).

2) There is some subtlety around sshd's self-reexecution behaviour.
You'd need to ensure that the passphrase is available at re-exec time
too.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
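
The HostKeyAgent setup described in comment #1, as an added example that is not part of the bug thread or of OpenSSH itself: it keeps the private host key passphrase-protected on disk, loads it into an agent, and audits an sshd_config for the result. The socket path, key path and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the bug thread. Paths are assumptions; adjust them.
AGENT_SOCK=/run/sshd-agent/agent.sock      # assumed agent socket location
HOST_KEY=/etc/ssh/ssh_host_ed25519_key     # assumed private host key path

# One-time step: set a passphrase on the private host key file.
encrypt_host_key() { ssh-keygen -p -f "$HOST_KEY"; }

# After every boot, before sshd starts: run an agent on a fixed socket
# and load the key. ssh-add prompts for the passphrase, so the prompt
# moves from sshd to this step.
load_host_key() {
    mkdir -p "$(dirname "$AGENT_SOCK")" &&
    chmod 700 "$(dirname "$AGENT_SOCK")" &&
    ssh-agent -a "$AGENT_SOCK" >/dev/null &&
    SSH_AUTH_SOCK="$AGENT_SOCK" ssh-add "$HOST_KEY"
}

# sshd_config lines: HostKey names the public key file, so sshd asks
# the agent to perform the private-key operations.
agent_config() {
    printf 'HostKeyAgent %s\nHostKey %s.pub\n' "$AGENT_SOCK" "$HOST_KEY"
}

# Audit an sshd_config: succeed only if HostKeyAgent is set and every
# HostKey line points at a .pub file. Keywords are case-insensitive.
audit_config() {
    awk '
        tolower($1) == "hostkeyagent" { agent = $2 }
        tolower($1) == "hostkey" {
            n++
            if ($2 !~ /\.pub$/) { print "private key used directly: " $2; bad = 1 }
        }
        END {
            if (agent == "") { print "HostKeyAgent not set"; bad = 1 }
            if (n == 0) { print "no HostKey lines, defaults apply"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}
```

Run `encrypt_host_key` once and `load_host_key` as root at each boot, append the output of `agent_config` to sshd_config, and check the result with `sshd -t` and `audit_config /etc/ssh/sshd_config`.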