On 12/15/2016 1:45 AM, Kenny Simpson wrote: > yes, I found this after getting clued into HostKeyAgent. > Any updates since the post, or has it Just Worked ever since? It just works. Its a pretty low volume site and restricted to certain networks only. If it were internet facing, I would probably put some sort of port knocking in front of it as these keys tend not to be the fastest and bots brute forcing might DoS it. I hadnt done any heavy load testing. It easily survived my worst case load tests so I didnt bother going beyond that to see at what point it would break down compared to storing the private key in a file. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@xxxxxxxxxx Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev