On Tue, Mar 25, 2003 at 08:23:09AM +0100, Reinhard Foerster wrote:
On Tue, 25 Mar 2003 08:09:23 +0100, Thomas Guettler wrote:
I don't like the second method (ssh-agent) so far, because any program can access my private key.
man ssh-agent:
The agent will never send a private key over its request channel. Instead, operations that require a private key will be performed by the agent, and the result will be returned to the requester. This way, private keys are not exposed to clients using the agent.
man ssh-agent:
A unix-domain socket is created and the name of this socket is stored in the SSH_AUTH_SOCK environment variable. The socket is made accessible only to the current user. *This method is easily abused by root or another instance of the same user.*
All programs that run under my UID can access the private key.
Regards,
Thomas
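
Added example, not part of the thread above: the second man page excerpt says the only access control on the agent is the ownership and mode of the unix-domain socket named in SSH_AUTH_SOCK. This Python sketch audits those permissions; the function name audit_agent_socket and its messages are made up for this illustration.

```python
import os
import stat
import sys


def audit_agent_socket(path, uid=None):
    """Return a list of findings for the agent socket at `path` (empty = clean).

    A clean result only means other UIDs are kept out: root and every
    process running under `uid` can still connect and request signatures.
    """
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: a symlink in place of the socket is flagged
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a unix-domain socket"]

    findings = []
    others = stat.S_IRWXG | stat.S_IRWXO
    if st.st_uid != uid:
        findings.append(f"socket owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & others:
        findings.append(f"socket mode {stat.S_IMODE(st.st_mode):04o} allows group/other")

    # The directory holding the socket should be private as well.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_uid != uid:
        findings.append(f"directory {parent} owned by uid {pst.st_uid}, expected {uid}")
    if pst.st_mode & others:
        findings.append(f"directory mode {stat.S_IMODE(pst.st_mode):04o} allows group/other")
    return findings


if __name__ == "__main__":
    sock = os.environ.get("SSH_AUTH_SOCK")
    if not sock:
        sys.exit("SSH_AUTH_SOCK is not set")
    problems = audit_agent_socket(sock)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

An empty result does not settle the point raised in the thread: the check cannot distinguish between programs running under the same UID.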