Hi Simon:
I am glad you brought up this issue because I am NOT using OpenSSL.
Further, investigation is needed to determine if my environment can
support ssh-agent. However, the security issue you mentioned
is very valid and difficult. How do you recommend protecting private keys
in an automated environment ?
Best Regards,
Paul R.
Simon Josefsson wrote:
> Paul Romero <paulr_at_rcom-software.com> writes:
>
> > Dear Group:
> >
> > I previously posted this problem to the libcurl group and after
> > considering it, think it might actually be a libssh2 problem.
> >
> > The general problem is that if my private key is encrypted--with
> > a passphrase, I can't complete authentication with the SSH
> > server using libssh.
>
> Are you using libgcrypt or OpenSSL as the backend? The libgcrypt
> backend can only read unencrypted private keys.
>
> Encrypted or not, having the private key in the same process as libssh2
> code is likely a bad idea for security -- so I suggest that you use the
> agent interface to move public/private key handling to a separate
> process. Then you can support any kind of private key (GnuTLS has code
> to decrypt encrypted private keys).
>
> /Simon
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
-- Paul Romero RCOM Communications Software Phone/Fax: (510)339-2628 E-Mail: paulr_at_rcom-software.com _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-develReceived on 2010-07-09