Re: [SAGE] The danger of SSH keys..
Dustin Puryear wrote:
> With keys, I want the ability to:
>
> 1. Expire keys at the server, even if that means rotating the public
> key out of authorized_keys2 (this could be done today using scripts).
>
> 2. Remove public keys when an employee is fired. Really, this can all
> be handled now via homedirs, requiring sudo, and protecting my root
> authorized_keys2.
>
>
Sounds like you want a way to do CRL with SSH.
> 3. Require private keys to have strong passwords (no realistic way to
> enforce this).
>
> With this, I think the strength in using SSH keys could be
> dramatically increased.
>
Absolutely, but I think it's unlikely to be implemented unless you do it
yourself or pay someone.
Bryan
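
Point 1 in the quoted message says server-side key expiry "could be done today using scripts". The sketch below is an added example, not code from anyone in the thread. It assumes a hypothetical convention in which each key's trailing comment carries an `expires=YYYY-MM-DD` tag, and it treats untagged keys as expired.

```python
import re
from datetime import date

# Assumed convention (not from the original thread): each key's trailing
# comment carries a tag such as "alice@example expires=2030-01-01".
EXPIRY_TAG = re.compile(r"\bexpires=(\d{4})-(\d{2})-(\d{2})\b")

def prune_expired(text, today):
    """Split authorized_keys content into (kept_lines, removed_lines).

    Blank lines and '#' comments are kept. A key line is removed when its
    expiry date is before `today`, and also when it has no tag or an
    impossible date (fail closed), so an untracked key never lingers.
    """
    kept, removed = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        match = EXPIRY_TAG.search(stripped)
        try:
            expiry = date(*map(int, match.groups())) if match else None
        except ValueError:  # e.g. 2030-02-31
            expiry = None
        if expiry is not None and expiry >= today:
            kept.append(line)
        else:
            removed.append(line)
    return kept, removed

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = """\
# managed file
ssh-rsa AAAAB3PLACEHOLDER1 alice@example expires=2030-01-01
ssh-rsa AAAAB3PLACEHOLDER2 bob@example expires=2001-06-30
ssh-rsa AAAAB3PLACEHOLDER3 carol@example
ssh-rsa AAAAB3PLACEHOLDER4 dave@example expires=2030-02-31
"""

if __name__ == "__main__":
    kept, removed = prune_expired(SAMPLE, date(2025, 1, 1))
    print("\n".join(kept))
    for line in removed:
        print("removed:", line)
```

Run from cron against a copy of the file and review the removed lines before replacing the live file, since a mistyped tag locks that user out.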