> Date: Tue, 15 Jan 2002 19:08:55 +0100
> From: Markus Friedl <markus at openbsd.org>
> Cc: openssh-unix-dev at shitei.mindrot.org, openssh at openbsd.org
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> User-Agent: Mutt/1.3.25i
>
> On Tue, Jan 15, 2002 at 06:00:50PM -0000, John Bowman wrote:
> > > Date: Tue, 15 Jan 2002 17:29:44 +0100
> > > From: Markus Friedl <markus at openbsd.org>
> > > Cc: openssh at openbsd.org
> > > Content-Type: text/plain; charset=us-ascii
> > > Content-Disposition: inline
> > > User-Agent: Mutt/1.3.25i
> > >
> > > On Tue, Jan 15, 2002 at 03:46:15PM -0000, John Bowman wrote:
> > > > Can you implement the same code for IdentityFile? On
clusters, one wants to
> > > > make /ssh a local (non-NFS) file system and use a syntax
like this in the
> > > > system wide ssh_config file:
> > > >
> > > > IdentityFile /ssh/%u/id_rsa
> > >
> > > That's unlikely.
> > >
> > Oh? It is a serious security hole on many systems running openssh, so
I'm
>
> really? even if it's on unprotected NFS, id_rsa is still encrypted.
I presume you mean using non-blank passphrases. Many people trust the
integrity of their local file systems and use blank pass phrases, rather
than using ssh-agent, etc. (a good example of where this is absolutely
necessary is for tunnelling lpd through ssh, see
http://www.math.ualberta.ca/imaging/snfs/lpd). But this means that id_rsa
can't be stored on an NFS mounted partition.
Can you explain what is the conceptual problem that prevents you from
implementing the %u feature? It simply doesn't make sense to store private
keys on a publicly mounted partition!
-- John