[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Signing Packages.gz



On Mon, Apr 03, 2000 at 12:49:24PM +0200, Robert Bihlmeyer wrote:
> > As I understand it, you can't actually *obtain* the keys, you can just
> > *use* them. Often though, this is just as good.
> Yes. "Snarf" was the wrong word. Just being able to use them while the
> user is connected restricts your time to find the hosts this key
> unlocks.

And it might be worth mentioning that `ssh -v' from your local host, will
let you see which machines are getting your ssh-agent to do stuff. This
can get a bit ugly, but it's probably worthwhile.

An exercise for someone interested: hack ssh-agent so it pops up a window
which you can use to say `yes' or `no' to requests from non-localhosts for
secret key operations. Usual provisos about making this an option, and not
breaking things for people who don't use X, and so on.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds

Attachment: pgpXlLYhl15hk.pgp
Description: PGP signature


Reply to: