bugzilla-daemon at bugzilla.mindrot.org
2012-Jan-31 16:22 UTC
[Bug 1974] New: Support for encrypted host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1974 Bug #: 1974 Summary: Support for encrypted host keys Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: zevweiss at gmail.com Created attachment 2125 --> https://bugzilla.mindrot.org/attachment.cgi?id=2125 Patch to implement support for encrypted host keys in sshd (Copy/paste from this post to the mailing list: http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2) I recently found myself wanting to run sshd with passphrase-protected host keys rather than the usual unencrypted format, and was somewhat surprised to discover that sshd did not support this. I'm not sure if there's any particular reason for that, but I've developed the [attached] patch (relative to current CVS at time of writing) that implements this. It prompts for the passphrase when the daemon is started, similarly to Apache's behavior with encrypted SSL certificates. My initial implementation instead operated by passing the passphrase along to the rexec child, but I decided I thought it was slightly nicer to decrypt the key once and pass it along rather than redoing it every time. I can send the previous version if that would be preferred though -- this key-passing version does have some resulting ugliness in its handling of options.num_host_key_files, as described in a comment in the patch. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-09 13:34 UTC
[Bug 1974] Support for encrypted host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1974 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
Possibly Parallel Threads
- PATCH: Support for encrypted host keys
- [Bug 1701] New: FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits
- [Bug 1647] Implement FIPS 186-3 for DSA keys
- [Bug 1647] Implement FIPS 186-3 for DSA keys
- [Bug 2558] New: Add RemoteCommand option to ssh client