Re: Bug#112020: ITP: keychain -- An OpenSSH key manager
On Thu, Sep 13, 2001 at 01:00:11PM -0400, Brian Sniffen wrote:
>
> These are not equivalent situations. If the machine is turned off,
> keychain's keys are removed from memory. The passphraseless key is
> still on disk. It's also significantly harder to get the key out of
> ssh-agent's memory than it is to read it off of disk.
>
> Keychain is inappropriate for many situations. One case where it fits
> perfectly is an ssh gateway machine: lots of people connecting to a
> single account, which has a key with access to a wide-spread network.
> They get transparent access, their access to the wide-spread network
> can be controlled at the choke-point of the gateway machine, and the
> widely deployed key can be rotated smoothly and transparently. Only a
> few highly trusted people know the passphrase.
>
> This is *significantly* better than the other alternatives:
>
> * Put their keys on the wide-spread network. Now you have a KMI
> nightmare. Hundreds of keys to protect, and rotating them is
> hard, slow, and unreliable. Tracking what's been rotated is even worse.
>
> * Put a passphraseless key on the gateway machine. People will copy
> it to their home machines, desktops, wireless Windows laptops, and
> so on. It's more convenient and helps them do their jobs.
>
> * Tell everyone the passphrase. Same problem.
Keychain runs as the user who owns the key, generally. This is
equivalent to giving all your users the passphrase. Recovering it with
a debugger is a trivial exercise for the reader.
--
Daniel Jacobowitz Carnegie Mellon University
MontaVista Software Debian GNU/Linux Developer