RE: ssh-add and passphrase

From: Turner, Carl H [NTWK SVCS] (CarlTurner_at_NMCC.SprintSpectrum.com)
Date: 08/26/03

  • Next message: Marc W.: "Re: log files"
    Date: Tue, 26 Aug 2003 10:33:53 -0500
    To: "Armin M. Safarians" <armin.safarians@safeway.com>, <secureshell@securityfocus.com>
    
    

    If you are wanting to place a passphrase in memory via ssh-agent (or something similar) w/o user interaction, you are defeating the whole purpose of this feature.
    If you don't want human interaction to get the passphrase back into memory when ssh-agent dies, don't use passphrases.

    -Carl

    -----Original Message-----
    From: Armin M. Safarians [mailto:armin.safarians@safeway.com]
    Sent: Friday, August 22, 2003 1:12 PM
    To: secureshell@securityfocus.com
    Subject: ssh-add and passphrase

    Can someone tell me how I can enter a passphrase for an indentity inside
    an agent using ssh-add authomatically. I mean non-interactive.
    I have a need to do this from a script.?

    Thanks,

    "MMS <safeway.com>" made the following annotations.
    ------------------------------------------------------------------------------
    Warning:
    All e-mail sent to this address will be received by the Safeway corporate
    e-mail system, and is subject to archival and review by someone other than the
    recipient. This e-mail may contain information proprietary to Safeway and is
    intended only for the use of the intended recipient(s). If the reader of this
    message is not the intended recipient(s), you are notified that you have
    received this message in error and that any review, dissemination,
    distribution or copying of this message is strictly prohibited. If you have
    received this message in error, please notify the sender immediately.
      
    ==============================================================================


  • Next message: Marc W.: "Re: log files"

    Relevant Pages

    • Re: GC and security
      ... passphrase into the system and passed into a decryption functions (we ... eventually it gets garbage collected and the memory recycled. ... Since Python uses reference counting, if you drop all references, the object is garbaged collected immediately, and the associated memory is freed. ... you could obscure things a bit by storing the passphrase as a list of characters, or a list of integers, and write it to gpg one character at a time (if that's possible; if not, you may need to write a custom extension that builds a command string in a C-level buffer, runs the command, and then overwrites the buffer before returning). ...
      (comp.lang.python)
    • Re: GC and security
      ... passphrase into the system and passed into a decryption functions (we ... eventually it gets garbage collected and the memory recycled. ... Since Python uses reference counting, if you drop all references, the ... The individual characters from the ...
      (comp.lang.python)
    • Re: [opensuse] Loading an encrypted partition at boot time
      ... I now have to type in the passphrase to allow mounting of ... USB memory stick, which would have to be present to allow the machine to ... If you don't know how to make that script, ... make it difficult for anyone who stole/found my laptop to get into it. ...
      (SuSE)
    • Re: Attaching conditions to RIPA ?
      ... Then your memory must be exceptionally good. ... related to a passphrase I ... for experimentation, or I typoed it when entering it. ... In each case I'm keeping the system intact in case inspiration stikes! ...
      (uk.legal)
    • Re: [opensuse] Loading an encrypted partition at boot time
      ... What I would like to do is put a passphrase onto a USB ... memory stick, which would have to be present to allow the machine to boot ... How do get the system to mount the USB memory stick *before* it tries to mount ...
      (SuSE)