ssh server configuration - Are public key and password exclusive?
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jan 13 21:24:14 UTC 2012
On Fri, Jan 13, 2012 at 4:11 PM, William Muriithi
<william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Christopher
>> It *can* be enforced if the process that draws in entries for
>> ~/.ssh/authorized_keys requires checking that the private key has a
>> password.
>>
> Hmm, not sure I understood you. How would you enforce it if you have
> a contractor in USA and no physical access to his laptop during the
> key pair generation? Can you tell the private key is secured by a
> password when all you have is the public key?
You tell them:

"Give me a copy of both the private key and the public key. If I
don't see a passphrase on the private key, I won't be adding this key
to ~/.ssh/authorized_keys"

Further...

"You don't want to give me the private key? Well, if you don't give
me both keys, I won't be authorizing your access. Giving me both keys
is a condition of your Continued Employment."

I'm not certain it's easy to validate that a public and private key
correspond to each other without having the password; I leave that
puzzle for others to puzzle over.
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
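
On the puzzle the message ends with: in the current OpenSSH private key container ("openssh-key-v1"), the cipher name and the public key sit in a cleartext header, so both checks the message asks for can be made without the passphrase. This is an added example, not part of the original message; `constructed_key` builds a constructed sample container with dummy private bytes, and the authorized_keys line is assumed to be a plain "type base64 [comment]" entry with no options prefix.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated key file")
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4

def _string(buf, off):
    # SSH "string": uint32 big-endian length followed by that many bytes.
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated key file")
    return buf[off:off + n], off + n

def inspect_private_key(pem_text):
    """Return (encrypted, public_blob) read from the cleartext header only."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    raw = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not raw.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _string(raw, len(MAGIC))
    _kdf, off = _string(raw, off)
    _kdfopts, off = _string(raw, off)
    nkeys, off = _u32(raw, off)
    if nkeys != 1:
        raise ValueError("expected exactly one key")
    pub, _ = _string(raw, off)
    return cipher != b"none", pub

def acceptable(pem_text, authorized_keys_line):
    """Thread's policy: passphrase set, and header matches the submitted key."""
    fields = authorized_keys_line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    encrypted, pub = inspect_private_key(pem_text)
    return encrypted and pub == base64.b64decode(fields[1], validate=True)

def constructed_key(cipher, pub_blob):
    # Constructed sample container; the private section is dummy bytes, not a real key.
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    raw = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(pub_blob) + s(b"\x00" * 16)
    return BEGIN + "\n" + base64.b64encode(raw).decode() + "\n" + END + "\n"
```

The header is cleartext, so a match shows what the file declares rather than proving that the encrypted section holds the matching private key. Keys in the older PEM format (for example `BEGIN RSA PRIVATE KEY`) are rejected by this parser.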