Re: The keychain package, its debconf templates, the security hole induced
On Fri, Jan 21, 2005 at 07:42:07AM -0200, Henrique de Moraes Holschuh wrote:
> On Fri, 21 Jan 2005, Martin Quinson wrote:
> > Dudes. There is a reason why that information is not written to file by
> > ssh itself. If my local machine gets corrupted, I'm happy to see the
>
> And it is because all of ssh-agent is a second-thought crap, as evidenced by
> the fact that stock ssh-agent is not capable of "withholding keys unless
> given explicit permission to act every time one request comes".

SSH-ADD(1)              BSD General Commands Manual             SSH-ADD(1)

     -c      Indicates that added identities should be subject to
             confirmation before being used for authentication.
             Confirmation is performed by the SSH_ASKPASS program
             mentioned below.  Successful confirmation is signaled by
             a zero exit status from the SSH_ASKPASS program, rather
             than text entered into the requester.

This was added in OpenSSH 3.6.

Cheers,
--
Colin Watson [cjwatson@debian.org]
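
An added example, not part of the original message and not OpenSSH code: a small shell helper that follows the exit-status contract quoted from ssh-add(1) above, approving only on an explicit "yes" and refusing on anything else. The prompt arriving as the first argument, the reply being read from stdin, and the ASKPASS_LOG variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirmation helper in the style of an SSH_ASKPASS program.
# Assumptions (not from the original message): the prompt is passed as $1,
# the reply is read from stdin, and ASKPASS_LOG is a hypothetical variable
# naming an audit log file.

# Append one line per confirmation request: UTC timestamp, outcome, prompt.
log_decision() {
    [ -n "${ASKPASS_LOG:-}" ] || return 0
    flat=$(printf '%s' "$2" | tr '\n' ' ')   # keep each record on one line
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$flat" >> "$ASKPASS_LOG"
}

# Return 0 only for an explicit "yes". EOF, an empty reply, or any other
# text is a refusal, so the helper fails closed. Nothing is written to
# stdout: the decision is carried by the exit status alone.
confirm_key_use() {
    prompt=$1
    reply=
    printf '%s [yes/no] ' "$prompt" >&2
    IFS= read -r reply || reply=
    case $reply in
        yes|Yes|YES)
            log_decision ALLOW "$prompt"
            return 0 ;;
        *)
            log_decision DENY "$prompt"
            return 1 ;;
    esac
}

# When invoked with a prompt argument, act as the helper itself.
if [ "$#" -gt 0 ]; then
    confirm_key_use "$1"
    exit $?
fi
```
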