Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] ssh-agent
Date: Mon, 20 Nov 2006 22:54:42
Message-Id: 200611202247.23806.michaelkintzios@gmail.com
In Reply to: [gentoo-user] ssh-agent by Jorge Almeida
On Monday 20 November 2006 17:20, Jorge Almeida wrote:
> I've been reading the ssh-agent documentation (and googling) and it
> seems clear, except for two issues for which I couldn't find any docs:
>
> What (where) is the ssh-agent cache? Some directory where the decrypted
> keys are kept? (I mean, if I keep ssh-agent running all day, is it more
> secure than just having my private keys unencrypted?)

I understand (but could well be wrong) that the ssh-agent creates a new
directory in /tmp/ with restrictive permissions (0700) and then creates a
unix socket in it, with rather restrictive permissions (0600). Anyone who can
connect to this socket (a hacker?!) could access your decrypted keys. Also,
root can access the socket and therefore your keys.

> When adding keys with ssh-add, does it use protected memory to get the
> passphrases?

I believe the above answer covers this too. If you run ssh-add with
the -c option, the agent will run ssh-askpass when anyone tries to
retrieve the passwords.

This is how it used to be last time I looked at it, not sure how it has
evolved over the last few months.
--
Regards,
Mick
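The point Mick makes, that whoever can connect to the agent socket can use the keys without ever seeing a passphrase, is easy to demonstrate with the agent protocol itself. The following is an added example, not code from the thread or from OpenSSH: it speaks the OpenSSH agent protocol over the Unix socket named by SSH_AUTH_SOCK (assumed to be set by a running agent), asks the agent to list its identities (message type 11, answered with type 12), and checks that the socket directory is 0700 and the socket 0600 as described above. The sample key blob and comment at the bottom are constructed for illustration and are not a real key; the function names are this example's own.

```python
"""List the keys a running ssh-agent holds by talking the agent protocol directly.

Added example for the gentoo-user thread above; not OpenSSH's code. Assumes
SSH_AUTH_SOCK points at a live agent socket when run as a script.
"""
import os
import socket
import stat
import struct

# Message types from the OpenSSH agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as a uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def frame(body: bytes) -> bytes:
    """Wrap a message body in the uint32 length prefix the agent expects on the wire."""
    return struct.pack(">I", len(body)) + body


def read_ssh_string(buf: bytes, off: int):
    """Decode one length-prefixed string at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_request_identities() -> bytes:
    """Framed SSH_AGENTC_REQUEST_IDENTITIES: the agent replies with every key it holds."""
    return frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))


def encode_identities_answer(keys) -> bytes:
    """Agent-side encoder for SSH_AGENT_IDENTITIES_ANSWER (body only, not framed).
    keys is a list of (public key blob, comment) pairs."""
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for blob, comment in keys:
        body += ssh_string(blob) + ssh_string(comment.encode())
    return body


def parse_identities_answer(body: bytes):
    """Parse an unframed SSH_AGENT_IDENTITIES_ANSWER into [(blob, comment), ...]."""
    if not body or body[0] == SSH_AGENT_FAILURE:
        raise RuntimeError("agent refused the request")
    if body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected agent message type %d" % body[0])
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_ssh_string(body, off)
        comment, off = read_ssh_string(body, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    return keys


def key_type(blob: bytes) -> str:
    """The first string in an OpenSSH public key blob is the algorithm name."""
    return read_ssh_string(blob, 0)[0].decode()


def perms_ok(dir_mode: int, sock_mode: int) -> bool:
    """Socket directory must be a directory with no group/other bits (0700) and the
    socket itself a socket with none either (0600). Mode bits do not stop root."""
    return (stat.S_ISDIR(dir_mode) and stat.S_IMODE(dir_mode) & 0o077 == 0
            and stat.S_ISSOCK(sock_mode) and stat.S_IMODE(sock_mode) & 0o077 == 0)


def socket_perms_ok(path: str) -> bool:
    """Apply perms_ok to a real agent socket path."""
    return perms_ok(os.stat(os.path.dirname(path)).st_mode, os.stat(path).st_mode)


def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def list_agent_keys(path=None):
    """Connect to the agent socket and return its keys. No passphrase is involved:
    anyone who can reach this socket can also ask the agent to sign with them."""
    path = path or os.environ.get("SSH_AUTH_SOCK")
    if not path:
        raise RuntimeError("SSH_AUTH_SOCK is not set; is an agent running?")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(build_request_identities())
        (n,) = struct.unpack(">I", recv_exact(s, 4))
        return parse_identities_answer(recv_exact(s, n))


# Constructed sample, not a real key: an ed25519 blob is "ssh-ed25519" + 32 key bytes.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_ANSWER = encode_identities_answer([(SAMPLE_BLOB, "user@example")])

if __name__ == "__main__":
    sock_path = os.environ.get("SSH_AUTH_SOCK")
    if sock_path:
        print("socket permissions ok:", socket_perms_ok(sock_path))
    for blob, comment in list_agent_keys():
        print(key_type(blob), comment)
```

Run it under a shell where ssh-add has loaded a key and it prints the key type and comment for each identity, exactly as `ssh-add -l` would, using nothing but the socket. That is the whole threat: the agent keeps the decrypted keys in its own process memory, never on disk, so the socket (and the permissions on it) is the boundary; the mode-bit check above is the local sanity check, and it is no protection against root or against a process already running as you.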

Replies

Subject Author
Re: [gentoo-user] ssh-agent Jorge Almeida <jalmeida@××××××××××××.pt>
Re: [gentoo-user] ssh-agent "Boyd Stephen Smith Jr." <bss03@××××××××××.net>