Re: Solaris 9 ssh

From: Cameron Simpson (
Date: 10/19/03

  • Next message: Brown, Rodrick: "Solaris 8 SSH Issues."
    Date: Sun, 19 Oct 2003 11:41:04 +1000
    To: kevin mckay <>

    On 00:03 18 Oct 2003, kevin mckay <> wrote:
    | Another ssh question
    | Does anyone know if it is possible on the server side to
    | require a key AND pass phrase?

    It's not. The passphrase is entirely a client-side thing - it has no
    part in the ssh protocol. It is purely a client-side protection for the
    private key itself. Therefore it's possible for the client (if s/he's
    an idiot, and we all know a few) to remove the passphrase on a general
    purpose ssh key i.e. make it the empty string.

    Actually, now I think about it, you could hack something up. You could
    make their login shell be something that requires a passphrase and the
    runs their "real" shell. Fiddly.

    Cameron Simpson <> DoD#743
    If all around you is darkness and you feel you're contending in vain,
    then the light at the end of the tunnel is the front of an oncoming train.

  • Next message: Brown, Rodrick: "Solaris 8 SSH Issues."

    Relevant Pages

    • RE: Controlling ssh from an external program
      ... passphrase could be discovered and the private key would fall into dangerous ... NB the SSH environment strings need to be included in this mixture! ... character as the final character could signify accept from a file. ... Controlling ssh from an external program ...
    • Re: More on learning "Public Key Authentication"
      ... > computers in my local network are configured that way. ... > A long passphrase is a good idea but for other reasons. ... I _think_ a passphrase is used merely to verify that a public SSH ... _public_ keys between computers, so I do not even use a public SSH ...
    • different SSH/keychain behavior on Fedora Core 4?
      ... I'm wondering if anyone's seen different SSH and keychain behavior on ... But since upgrading the home machine to FC4 this trick no longer works ... for the passphrase for the local RSA private key... ... I realize that this may be more of an SSH question than an actual Fedora ...
    • Re: Working with sshs escape character
      ... Try hitting tilde followed by period and see what happens within an ssh ... from within a login shell over ssh. ... The escape character must always follow a newline to be interpreted as ...
    • Re: Defering passphrase entry with ssh-add
      ... I'm not aware of any technical reason why ssh-add couldn't defer requesting a password until its required. ... Yes which is why you only check/run it when ssh is used. ... until it determined it needed your passphrase. ... Again, ssh-agent works for me across all terminals as well as just in X, it's ssh-add you are talking about here which is ...