OpenSSH ssh-keygen and non-empty passphrase

• Previous message: Paride Desimone: "Re: openssh on os400 or aix"
• Next in thread: Matthew Poole: "Re: OpenSSH ssh-keygen and non-empty passphrase"
• Reply: Matthew Poole: "Re: OpenSSH ssh-keygen and non-empty passphrase"
• Reply: Bill Marcum: "Re: OpenSSH ssh-keygen and non-empty passphrase"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 25 May 2005 07:11:33 -0700

Hi,

Is it possible to configure ssh-keygen that it is not possible to use
empty passphrases and configure the minimal length of a passphrase?

Or: As an alternative one can write a wrapper script that checks for
the passphrase. But ssh-keygen seems only to accept a passphrase as
command argument and not from standard input. This is unsafe because in
the moment of generating a new SSH keypair one can see the passphrase
when doing a 'ps -ef'.

Reading the new passphrase from standard input or setting global
passphrase policies for ssh-keygen would be a good feature. Or is it
somewhere hidden in the code and must be activated at compile time?

Thanks in advance.

Regards,
Bernd

• Previous message: Paride Desimone: "Re: openssh on os400 or aix"
• Next in thread: Matthew Poole: "Re: OpenSSH ssh-keygen and non-empty passphrase"
• Reply: Matthew Poole: "Re: OpenSSH ssh-keygen and non-empty passphrase"
• Reply: Bill Marcum: "Re: OpenSSH ssh-keygen and non-empty passphrase"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]