Re: The keychain package, its debconf templates, the security hole induced

[Colin Watson <cjwatson@debian.org>]

On Fri, Jan 21, 2005 at 07:42:07AM -0200, Henrique de Moraes Holschuh wrote:
> On Fri, 21 Jan 2005, Martin Quinson wrote:
> > Dudes. There is a reason why those informations are not written to file by
> > ssh itself. If my local machine gets corrupted, I'm happy to see the
> 
> And it is because all of ssh-agent is a second-thought crap, as evidenced by
> the fact that stock ssh-agent is not capable of "withholding keys unless
> given explicit permission to act every time one request comes".

SSH-ADD(1)            BSD General Commands Manual           SSH-ADD(1)

     -c      Indicates that added identities should be subject to con-
             firmation before being used for authentication.  Confir-
             mation is performed by the SSH_ASKPASS program mentioned
             below.  Successful confirmation is signaled by a zero
             exit status from the SSH_ASKPASS program, rather than
             text entered into the requester.

This was added in OpenSSH 3.6.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]