Gentoo Archives: gentoo-user

From: Alan McKinnon <alan.mckinnon@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Enforcing passphrase protected ssh keys
Date: Wed, 17 Sep 2008 07:59:12
1 Hi all,
3 I think I'm barking up an impossible tree, but it's worth asking.
5 Scenario:
7 I have an sshd-enabled jump box catering for 100+ users. They all use ssh keys
8 and we ask them all nicely to passphrase-protect the private key and pretend
9 that we enforce this. Keys are in use because the admin load of coping with
10 passwords isn't worth the effort. Fortunately, I have a security officer who
11 is properly clued up and very willing to listen to reason.
13 My question:
15 Is there any known way, no matter how convulted and bizarre, of checking and
16 enforcing from the server end that a private key is passphrase protected? Our
17 own research indicates no. One possible way is to audit the user's client
18 machine, but we don't have that level of access (and don't want it either)
21 --
22 alan dot mckinnon at gmail dot com


Subject Author
Re: [gentoo-user] Enforcing passphrase protected ssh keys Jil Larner <jil@××××.eu>