RE: passphrase/ssh2

From: \ (monroe_at_peoplego.com)
Date: 08/05/05

    To: Michael Mannsberger <mm450exc@gmail.com>
    Date: Thu, 04 Aug 2005 17:32:23 -0700
    
    

    The private keys when stored are PEM encoded. I presume you want to
    search the file system and find unprotected keys. Provided the file
    systems that you are searching are receptive to such a query. If a
    private key is encrypted it will say so in the first N bytes of the
    file.

    My experience has suggested if the key is encrypted, but the files
    indicated as such would necessitate a custom ssh client. It would seem
    to me in your favorite scripting or compiled language: check the file to
    ensure ASCII, open the file, check the first couple of lines to
    determine key type: openssh2, openssh.com, PuTTY etc...
    Then pass the next lines to your check functions; if you don't find the
    crypto notice then it's an unprotected file.

    I presume you are already versed in the command option the public key
    entries can contain; such can mitigate much of the risk associated with
    an unencrypted private key.

    Best,

    JC

    >
    > > How can I check if a ssh2 key has a passphrase set or not? I
    > > know the structure of a ssh1 private key but can't find
    > > anything on ssh2.
    > >
    > > -mike
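
The check outlined in the reply above (ASCII test, key type from the first line, then the encryption notice), as an added example for auditing key files that is not part of the original message. It goes beyond the message by also covering PuTTY's `Encryption:` header and the newer `openssh-key-v1` container; the function names and sample inputs are assumptions made for illustration, and formats it does not recognise (ssh.com among them) are reported as undetermined rather than guessed.

```python
import base64
import struct

V1_MAGIC = b"openssh-key-v1\0"

def v1_cipher(b64_body: str) -> str:
    """ciphername field of a new-format OpenSSH blob: magic, then a length-prefixed string."""
    blob = base64.b64decode(b64_body)
    if not blob.startswith(V1_MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    (n,) = struct.unpack_from(">I", blob, len(V1_MAGIC))
    start = len(V1_MAGIC) + 4
    return blob[start:start + n].decode("ascii")

def key_protection(data: bytes):
    """Return (format, encrypted); encrypted is True, False, or None when undetermined."""
    try:
        text = data.decode("ascii")          # step 1: the file must be ASCII
    except UnicodeDecodeError:
        return ("not-ascii", None)
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        return ("empty", None)
    head, rest = lines[0], lines[1:]
    if head.startswith("PuTTY-User-Key-File-"):
        for l in rest:                       # PuTTY states the cipher in a header line
            if l.startswith("Encryption:"):
                return ("putty", l.split(":", 1)[1].strip() != "none")
        return ("putty", None)
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(l for l in rest if not l.startswith("-----"))
        try:
            return ("openssh-v1", v1_cipher(body) != "none")
        except (ValueError, struct.error):
            return ("openssh-v1", None)
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return ("pkcs8", True)
    if head.startswith("-----BEGIN ") and head.endswith(" PRIVATE KEY-----"):
        # Traditional PEM: an encrypted key carries "Proc-Type: 4,ENCRYPTED" right after BEGIN
        return ("pem", any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in rest[:2]))
    return ("unknown", None)

# Constructed samples: placeholder bodies, not real key material.
PEM_ENC = b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
PEM_PLAIN = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
V1_PLAIN = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(V1_MAGIC + struct.pack(">I", 4) + b"none")
            + b"\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in (("PEM_ENC", PEM_ENC), ("PEM_PLAIN", PEM_PLAIN), ("V1_PLAIN", V1_PLAIN)):
        print(name, key_protection(sample))
```

A result of `None` means the file needs manual review; it is not evidence that the key is protected.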

