Hi all,

I think I'm barking up an impossible tree, but it's worth asking.

Scenario:

I have an sshd-enabled jump box catering for 100+ users. They all use ssh keys
and we ask them all nicely to passphrase-protect the private key and pretend
that we enforce this. Keys are in use because the admin load of coping with
passwords isn't worth the effort. Fortunately, I have a security officer who
is properly clued up and very willing to listen to reason.

My question:

Is there any known way, no matter how convoluted and bizarre, of checking and
enforcing from the server end that a private key is passphrase protected? Our
own research indicates no. One possible way is to audit the user's client
machine, but we don't have that level of access (and don't want it either).

--
alan dot mckinnon at gmail dot com