Subject: Re: easiest way to encrypt a file?
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 12/18/2004 08:46:11
In message <20041218133430.GA26747@Xtrmntr.org>, Lubomir Sedlacik writes:
>

>from what he said it seems that his aim is to protect the key from the
>server administrator(s) and the key is a SSH2 DSA key.  in that case the
>"protected" key is already encrypted as you mentioned.  but there is no
>way he could protect its contents by any amount of encrypted layers
>since an altered ssh(1) binary would "take care" of everything and it's
>just a waste of time and addition of pointless complexity.
>

I'll let Jeremy speak for his actual usage model, but I think you're 
right -- I read "server" as "web server", i.e., some place he wanted to 
store the key for retrieval later.  You're absolutely right that 
there's no safe way to use a private key on an untrustworthy machine.

		--Steve Bellovin, http://www.research.att.com/~smb