Re: The keychain package, its debconf templates, the security hole induced

[Henrique de Moraes Holschuh <hmh@debian.org>]

On Fri, 21 Jan 2005, Colin Watson wrote:
> On Fri, Jan 21, 2005 at 07:42:07AM -0200, Henrique de Moraes Holschuh wrote:
> > On Fri, 21 Jan 2005, Martin Quinson wrote:
> > > Dudes. There is a reason why those informations are not written to file by
> > > ssh itself. If my local machine gets corrupted, I'm happy to see the
> > 
> > And it is because all of ssh-agent is a second-thought crap, as evidenced by
> > the fact that stock ssh-agent is not capable of "withholding keys unless
> > given explicit permission to act every time one request comes".
> 
> SSH-ADD(1)            BSD General Commands Manual           SSH-ADD(1)
> 
>      -c      Indicates that added identities should be subject to con-
>              firmation before being used for authentication.  Confir-
>              mation is performed by the SSH_ASKPASS program mentioned
>              below.  Successful confirmation is signaled by a zero
>              exit status from the SSH_ASKPASS program, rather than
>              text entered into the requester.
> 
> This was added in OpenSSH 3.6.

I stand corrected (and I am enabling that everywhere this instant!).

Thanks Colin!

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh