private keys and users access to them

From: Tobias Speckbacher (tobias_at_quova.com)
Date: 05/01/04

  • Next message: Jeremy Lin: "Re: private keys and users access to them"
    Date: Fri, 30 Apr 2004 17:43:11 -0700
    To: <secureshell@securityfocus.com>
    
    

    Hi guys,

    I am in the process of switching all logons in my production environment
    to a key based system. Currently everyone just creates their key pairs,
    or I create it for them, and I deposit the public key on the remote
    system.

    Here comes the question...

    I do not want users to grab their private key and take them to other
    systems or even worse take the key out of the office.

    Is there a way for me to prohibit the users access to the key ?
    Currently I am assuming that there isn't since ssh/scp/sftp process are
    owned by the user and as such have to have access to the key to process
    the authentication (hence the user will have access to it too).

    If there is a way to accomplish this please enlighten me !

    Regards,

    Tobias


  • Next message: Jeremy Lin: "Re: private keys and users access to them"