Mailing List Archive: OpenSSH: Dev

Support for merging LPK into mainline openssh?

jchadima at redhat

Oct 26, 2009, 3:49 AM

Post #1 of 2
Support for merging LPK into mainline openssh?

Hello
I've created a patch to openssh which allows the use of an agent for obtaining the public keys.
It may be the first step towards the implementation of something similar to lpk. The solution is independent of the agent, so it may be used with an LDAP-based agent or with any other technology.
May that patch be acceptable as the first approach to the lpk replacement?
It is placed in mindrot's bugzilla #1663.

--
JFCh
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev[at]mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


jchadima at redhat

Oct 26, 2009, 8:34 AM

Post #2 of 2
Re: Support for merging LPK into mainline openssh? [In reply to]

----- "Peter Lambrechtsen" <plambrechtsen[at]gmail.com> wrote:

> I like it.
>
> One thing that would be good is having some sort of signing mechanism
> on the Agent. As I see, you check to make sure the ownership of the
> file is ok.
>
> How about another approach: to sign the Agent with the server's
> private key (if that's possible??).

Maybe a SHA hash of the agent program may be included in the config file and checked before running the agent. But is it necessary? And who will check all the shared libraries used?


>
> That way, if the server's private key was compromised then you have a
> problem; otherwise the other checking on the file isn't necessary.
>
> Otherwise I really like it, and it would be great to see this sort of
> feature make its way into mainline.
>
>
> On Mon, Oct 26, 2009 at 11:49 PM, Jan Chadima < jchadima[at]redhat.com >
> wrote:
>
>
> Hello
> I've created a patch to openssh which allows the use of an agent for
> obtaining the public keys.
> It may be the first step towards the implementation of something
> similar to lpk. The solution is independent of the agent, so it may be
> used with an LDAP-based agent or with any other technology.
> May that patch be acceptable as the first approach to the lpk
> replacement?
> It is placed in mindrot's bugzilla #1663.
>
> --
> JFCh
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev[at]mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

--
JFCh
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev[at]mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
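The two checks discussed in the thread, the ownership check on the helper file and a hash pinned in the config, worked as an added example that is not the bugzilla #1663 patch and not anyone's code from the thread. The helper path, its contents and the pinned hash are constructed, and `trusted_uid` stands in for root; the check covers only the helper file itself, not the shared libraries it loads, which is the gap the reply raises.

```python
import hashlib
import os
import stat
import tempfile

def sha256_of_file(path):
    """Hex SHA-256 of a file, read in chunks so a large helper is not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_helper(path, expected_sha256, trusted_uid=0):
    """Return the reasons the helper must NOT be run; an empty list means it passed.

    Ownership/mode check plus a pinned hash. Libraries the helper loads are not covered.
    """
    problems = []
    st = os.lstat(path)                       # lstat: do not follow symlinks
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    if not st.st_mode & stat.S_IXUSR:
        problems.append("not executable by owner")
    if sha256_of_file(path) != expected_sha256:
        problems.append("sha256 mismatch")
    return problems

def demo():
    """Constructed scenario: a helper that passes, then the same file after tampering."""
    with tempfile.TemporaryDirectory() as d:
        helper = os.path.join(d, "keyagent")
        with open(helper, "w") as f:
            f.write("#!/bin/sh\necho 'ssh-ed25519 AAAA...constructed-example'\n")
        os.chmod(helper, 0o700)
        me = os.getuid()                      # stand-in for root in this demo
        pinned = sha256_of_file(helper)       # the value that would be kept in the config
        before = check_helper(helper, pinned, trusted_uid=me)
        with open(helper, "a") as f:          # tamper: append a line, loosen the mode
            f.write("echo 'ssh-rsa BBBB...injected'\n")
        os.chmod(helper, 0o777)
        after = check_helper(helper, pinned, trusted_uid=me)
        return before, after
```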
