[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#953080: create and store ssh private host keys in tpm?



Package: openssh-server
Version: 1:8.2p1-4
Severity: wishlist

The private host keys in /etc/ssh are (usually) unencrypted and easy to
steal, e.g. using docker (not shown here). Would it be possible to add
some code to postinst to make use of the tpm to create and store the
private ssh keys, if the hardware can be found?

See also the simple-tpm-pk11 package, for example
https://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly.html


Regards
Harri


Reply to: