Gentoo Archives: gentoo-user

From: Jorge Almeida <jalmeida@××××××××××××.pt>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] ssh-agent
Date: Tue, 21 Nov 2006 18:47:13
Message-Id: Pine.LNX.4.64.0611211829330.8638@jmaa.math.ist.utl.pt
In Reply to: Re: [gentoo-user] ssh-agent by "Boyd Stephen Smith Jr."
On Tue, 21 Nov 2006, Boyd Stephen Smith Jr. wrote:

>>
>> OK, that's what I thought. But a trojan running with the normal user
>> permissions could get the keys by reading the temporary directory (not
>> by connecting to the socket). Is this right?
>
> No. There are no files in the temporary directory besides the socket.
>
>> Or are the keys protected
>> in some other way?
>
> They are only stored in locked memory; they are never on disk unencrypted.
> Anyone that can read locked memory can access them, but this is very few
> users/processes on Linux -- and besides those same users will be able to
> read the key as you authenticate even if you don't use ssh-agent, as long
> as they time things right.
>
OK, this sounds better! I posted to the gnupg-users, asking a similar
question about gpg-agent. I guess gpg-agent works the same way.

I think these details about the workings of ssh-agent deserve more
visibility. Did you find some unusual documentation or read the source?
The latter is not in my skills, unfortunately.

Thanks.
--
Jorge Almeida
--
gentoo-user@g.o mailing list
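As an added illustration (not code from this thread or from OpenSSH), the following script audits the layout Boyd describes: the agent directory should contain nothing but one Unix socket, owned by the user and closed to group and other. The function name and the findings format are my own; the socket path comes from the caller (typically `$SSH_AUTH_SOCK`).

```python
import os
import stat


def audit_agent_socket(sock_path, expected_uid=None):
    """Return a list of findings about an ssh-agent socket and its directory.

    An empty list means the layout matches the thread's description: a single
    socket, owned by the expected uid, in a directory only that uid can enter.
    No key material is ever inspected; only metadata is read.
    """
    findings = []
    if expected_uid is None:
        expected_uid = os.getuid()
    try:
        st = os.lstat(sock_path)
    except FileNotFoundError:
        return [f"{sock_path}: does not exist"]

    # The agent endpoint must be a socket, owned by us, with no group/other bits.
    if not stat.S_ISSOCK(st.st_mode):
        findings.append(f"{sock_path}: not a unix socket")
    if st.st_uid != expected_uid:
        findings.append(f"{sock_path}: owned by uid {st.st_uid}, expected {expected_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append(f"{sock_path}: mode {oct(stat.S_IMODE(st.st_mode))} "
                        "grants group/other access")

    # The directory must be private too, and hold only the socket itself.
    agent_dir = os.path.dirname(sock_path) or "."
    dst = os.lstat(agent_dir)
    if dst.st_uid != expected_uid:
        findings.append(f"{agent_dir}: owned by uid {dst.st_uid}, expected {expected_uid}")
    if stat.S_IMODE(dst.st_mode) & 0o077:
        findings.append(f"{agent_dir}: mode {oct(stat.S_IMODE(dst.st_mode))} "
                        "grants group/other access")
    extras = sorted(e for e in os.listdir(agent_dir)
                    if e != os.path.basename(sock_path))
    if extras:
        findings.append(f"{agent_dir}: unexpected entries besides the socket: {extras}")
    return findings


if __name__ == "__main__":
    path = os.environ.get("SSH_AUTH_SOCK")
    if not path:
        raise SystemExit("SSH_AUTH_SOCK is not set; no agent to audit")
    for line in audit_agent_socket(path) or ["ok: only the socket, privately held"]:
        print(line)
```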

Replies

Subject Author
Re: [gentoo-user] ssh-agent "Boyd Stephen Smith Jr." <bss03@××××××××××.net>
Re: [gentoo-user] ssh-agent Mick <michaelkintzios@×××××.com>