search for: 0cc47adc5fce

...o wrap the key for the key handle. -- Christian "naddy" Weisgerber naddy at mips.inka.de _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://protect2.fireeye.com/v1/url?k=c4371812-988227ab-c4373207-0cc47adc5fce-56c2948a65834232&q=1&e=0f45e6c0-4544-44ae-af8d-3d64af881ea7&u=https%3A%2F%2Flists.mindrot.org%2Fmailman%2Flistinfo%2Fopenssh-unix-dev

In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that done?

...en so it can find the private key. -- Christian "naddy" Weisgerber naddy at mips.inka.de _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://protect2.fireeye.com/v1/url?k=102d876a-4c98b8d3-102dad7f-0cc47adc5fce-f963eec20cc653fd&q=1&e=445ca71b-c946-44b4-a663-d2d3fc1f288f&u=https%3A%2F%2Flists.mindrot.org%2Fmailman%2Flistinfo%2Fopenssh-unix-dev

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri