| 1 |
Hi all, |
| 2 |
|
| 3 |
I think I'm barking up an impossible tree, but it's worth asking. |
| 4 |
|
| 5 |
Scenario: |
| 6 |
|
| 7 |
I have an sshd-enabled jump box catering for 100+ users. They all use ssh keys |
| 8 |
and we ask them all nicely to passphrase-protect the private key and pretend |
| 9 |
that we enforce this. Keys are in use because the admin load of coping with |
| 10 |
passwords isn't worth the effort. Fortunately, I have a security officer who |
| 11 |
is properly clued up and very willing to listen to reason. |
| 12 |
|
| 13 |
My question: |
| 14 |
|
| 15 |
Is there any known way, no matter how convulted and bizarre, of checking and |
| 16 |
enforcing from the server end that a private key is passphrase protected? Our |
| 17 |
own research indicates no. One possible way is to audit the user's client |
| 18 |
machine, but we don't have that level of access (and don't want it either) |
| 19 |
|
| 20 |
|
| 21 |
-- |
| 22 |
alan dot mckinnon at gmail dot com |
Archives