[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#112020: ITP: keychain -- An OpenSSH key manager

On Thu, Sep 13, 2001 at 01:00:11PM -0400, Brian Sniffen wrote:
> These are not equivalent situations.  If the machine is turned off,
> keychain's keys are removed from memory.  The passphraseless key is
> still on disk.  It's also significantly harder to get the key out of
> ssh-agent's memory than it is to read it off of disk.
> Keychain is inappropriate for many situations.  One case where it fits
> perfectly is an ssh gateway machine:  lots of people connecting to a
> single account, which has a key with access to a wide-spread network.
> They get transparent access, their access to the wide-spread network
> can be controlled at the choke-point of the gateway machine, and the 
> widely deployed key can be rotated smoothly and transparently.  Only a
> few highly trusted people know the passphrase.
> This is *significantly* better than the other alternatives:
> * Put their keys on the wide-spread network.  Now you have a KMI
>   nightmare.  Hundreds of keys to protect, and rotating them is
>   hard, slow, and unreliable.  Tracking what's been rotated is even worse.
> * Put a passphraseless key on the gateway machine.  People will copy
>   it to their home machines, desktops, wireless windows laptops, and
>   so on.  It's more convenient and helps them do their jobs.
> * Tell everyone the passphrase.  Same problem.

Keychain runs as the user who owns the key, generally.  This is
equivalent to giving all your users the passphrase.  Recovering it with
a debugger is a trivial exercise for the reader.

Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer

Reply to: