Re: Enforce Passphrase on keys

From: "Robert Hajime Lanning" <robert.lanning@xxxxxxxxx>
Date: Thu, 3 Jul 2008 11:24:02 -0700

On Thu, Jul 3, 2008 at 7:31 AM, Michael Wisniewski <wiz561@xxxxxxxxx> wrote:

However, how does one go about implementing this if their private key
is on the local system? If the private key is on your server, you
could probably put it in a login script. But being that it is on the
local system, how would you go about verifying the passphrase?

This is not possible. The status of the private key is not passed across
the ssh connection.

I have seen people create a "bastion" host, that allows ssh login, but with
passwords only. Then allow key based auth from there. This gave the
capability of controlling the private key environment.

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri

References:
- Enforce Passphrase on keys
  - From: Michael Wisniewski

Prev by Date: Re: On why debugging OpenSSH can be so hard
Next by Date: Re: On why debugging OpenSSH can be so hard
Previous by thread: Re: Enforce Passphrase on keys
Next by thread: On why debugging OpenSSH can be so hard
Index(es):
- Date
- Thread

Relevant Pages

Re: Enforce Passphrase on keys
... I've been trying to dig around and find a way to enforce passphrases ... on private keys when you authenticate. ... how does one go about implementing this if their private key ... local system, how would you go about verifying the passphrase? ...
(SSH)
Enforce Passphrase on keys
... I've been trying to dig around and find a way to enforce passphrases ... how does one go about implementing this if their private key ... local system, how would you go about verifying the passphrase? ... My idea is to have the server deny the connection if a ...
(SSH)