some thoughts about ssh-add -c -t

Hi,

first let me thank you all for writing and maintaining OpenSSH. Working
with Linux for almost 20 years, my life would be totally different
without OpenSSH. And it wouldn't be any better.

I have recently experimented with ssh-add -c -t and AddKeysToAgent to
reduce attack vectors against my ssh-agent connections. While this seems
to me generally useable, having a graphical ssh-askpass pop up so often
has been proven to be generally annoying.

Additionally, I frequently ssh to another host with AgentForwarding and
X11 Forwarding disabled, start another agent there, load a key there and
ssh to a second host. That way, the second ssh-agent doesn't have a
display to invoke ssh-askpass.

Is there a way to have a non-graphical ssh-askpass on the terminal, even
if that means to have the ssh-client that was just invoked prompt for
confirmation like it does for the passphrase with AddKeysToAgent
enabled?

Also, how about allowing wildcards in IdentityFile, therefore allowing
things like IdentityFile %d/.ssh/id_* ?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


