Bug#953080: create and store ssh private host keys in tpm?

To: submit@bugs.debian.org
Subject: Bug#953080: create and store ssh private host keys in tpm?
From: Harald Dunkel <harald.dunkel@aixigo.com>
Date: Wed, 4 Mar 2020 08:43:25 +0100
Message-id: <[🔎] d90e2170-235c-0e6a-f561-48b3bd98270d@aixigo.com>
Reply-to: Harald Dunkel <harald.dunkel@aixigo.com>, 953080@bugs.debian.org

Package: openssh-server
Version: 1:8.2p1-4
Severity: wishlist

The private host keys in /etc/ssh are (usually) unencrypted and easy to
steal, e.g. using docker (not shown here). Would it be possible to add
some code to postinst to make use of the tpm to create and store the
private ssh keys, if the hardware can be found?

See also the simple-tpm-pk11 package, for example
https://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly.html


Regards
Harri

Reply to:

Prev by Date: Bug#953035: openssh-client: SIGABRT with “corrupted size vs. prev_size”
Next by Date: Saludos
Previous by thread: Bug#953035: openssh-client: SIGABRT with “corrupted size vs. prev_size”
Next by thread: Saludos
Index(es):
- Date
- Thread