bugzilla-daemon at bugzilla.mindrot.org
2012-Jan-31 16:22 UTC
[Bug 1974] New: Support for encrypted host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1974
Bug #: 1974
Summary: Support for encrypted host keys
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: zevweiss at gmail.com
Created attachment 2125
--> https://bugzilla.mindrot.org/attachment.cgi?id=2125
Patch to implement support for encrypted host keys in sshd
(Copy/paste from this post to the mailing list:
http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2)
I recently found myself wanting to run sshd with passphrase-protected
host keys rather than the usual unencrypted format, and was somewhat
surprised to discover that sshd did not support this. I'm not sure if
there's any particular reason for that, but I've developed the
[attached] patch (relative to current CVS at time of writing) that
implements this. It prompts for the passphrase when the daemon is
started, similarly to Apache's behavior with encrypted SSL
certificates.
My initial implementation instead operated by passing the passphrase
along to the rexec child, but I decided I thought it was slightly nicer
to decrypt the key once and pass it along rather than redoing it every
time. I can send the previous version if that would be preferred
though -- this key-passing version does have some resulting ugliness in
its handling of options.num_host_key_files, as described in a comment
in the patch.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-09 13:34 UTC
[Bug 1974] Support for encrypted host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1974
Petr Cerny [:hrosik] <pcerny at suse.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pcerny at suse.cz
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
Reasonably Related Threads
- PATCH: Support for encrypted host keys
- [Bug 1701] New: FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits
- [Bug 1647] Implement FIPS 186-3 for DSA keys
- [Bug 1647] Implement FIPS 186-3 for DSA keys
- [Bug 2558] New: Add RemoteCommand option to ssh client