Support for merging LPK into mainline openssh?

Jan Chadima jchadima at redhat.com
Tue Oct 27 02:34:20 EST 2009


----- "Peter Lambrechtsen" <plambrechtsen at gmail.com> wrote:

> I like it.
> 
> One thing that would be good is having some sort of signing mechanism
> on the Agent. As I see you check to make sure the ownership of the
> file is ok.
> 
> How about another approach: sign the Agent with the server's
> private key (if that's possible??).

Maybe a SHA hash of the agent program may be included in the config file, and it may be checked before running the agent. But is it necessary? And who will check all the shared libraries used?


> 
> That way if the server's private key was compromised then you have a
> problem, otherwise the other checking on the file isn't necessary.
> 
> Otherwise I really like it, and it would be great to see this sort of
> feature make its way into mainline.
> 
> 
> On Mon, Oct 26, 2009 at 11:49 PM, Jan Chadima < jchadima at redhat.com >
> wrote:
> 
> 
> Hello
> I've created a patch to openssh which allows the use of an agent for
> obtaining the public keys.
> It may be the first step towards the implementation of something
> similar to lpk. The solution is independent of the agent, so it may be
> used with an ldap based agent or with any other technology.
> May that patch be acceptable as the first approach to the lpk
> replacement?
> It is placed in mindrot's bugzilla #1663.
> 
> --
> JFCh
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
JFCh
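
Added example, not part of the original message or of the patch in bugzilla #1663: a sketch of the two checks discussed in this thread, file ownership and a pinned SHA hash of the agent program, both done on one open file descriptor. The function name check_agent, its parameters and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import stat


def check_agent(path, pinned_sha256, trusted_uid=0):
    """Return (ok, reason) for a key-lookup agent before it is run.

    Hypothetical helper: ownership and digest are both checked on the
    same open descriptor, so the file cannot be swapped between checks.
    """
    try:
        # O_NOFOLLOW: refuse a symlink as the final path component.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return False, "cannot open"
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            return False, "not a regular file"
        if st.st_uid != trusted_uid:
            return False, "wrong owner"
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False, "group/world writable"
        digest = hashlib.sha256()
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            digest.update(chunk)
        if digest.hexdigest() != pinned_sha256.lower():
            return False, "digest mismatch"
        # Not covered: shared libraries the agent loads at run time,
        # which is the open question raised in the reply above.
        return True, "ok"
    finally:
        os.close(fd)
```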

