Subject: Re: Mozilla and Java
To: None <tech-pkg@NetBSD.org>
From: Soren Jacobsen <soren@blef.org>
List: tech-pkg
Date: 07/23/2003 22:28:26

On 07/23 18:28, Jeremy C. Reed wrote:
> On Wed, 23 Jul 2003, Soren Jacobsen wrote:
> 
> I'd like to try patching ssh-add so it can have a feature like pgp's
> PGPPASSFD.
> 
>  SSHPASSFD=3 ssh-add 3</my/passphrase/file
> 
> Or:
> 
>  SSHPASSFD=0; export SSHPASSFD
>  echo "my-pass-phrase" | ssh-add
> 
> (And if SSHPASSFD is not set, then behave normally.)

I'm not sure how this makes any difference when compared to a
passwordless key. You're storing your password in cleartext, which is
fine, provided it has the proper permissions. The problem with this and
the passwordless key shows its face when physical security is
compromised. In such a case, both are equally troubling.

> > I suppose the other option would be to use a passwordless key and avoid
> > all the ssh-agent stuff.
> 
> I was thinking about that first, but I guess I don't trust someone
> redistributing that passphrase-less key. (Or maybe that doesn't matter?)

I don't know what you mean there, but you'd only be distributing your
public key, which isn't anything to worry about. It's called a public
key for a reason ;)
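
The reading side of the SSHPASSFD idea quoted above, sketched as an added example; it is not part of this thread and not OpenSSH code. The names read_passphrase_spec and passphrase_via_pipe are hypothetical, and the caller is assumed to pass getenv("SSHPASSFD") as spec and to fall back to the normal prompt when the result is -1.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* spec is the value of SSHPASSFD, the hypothetical variable proposed in the
 * thread (stock ssh-add does not read it). Returns the passphrase length,
 * -1 if spec is NULL (caller prompts as usual), -2 on any error. */
long read_passphrase_spec(const char *spec, char *buf, size_t buflen)
{
    char *end, c = 0;
    size_t n = 0;
    ssize_t r;
    long fd;

    if (spec == NULL) return -1;
    errno = 0;
    fd = strtol(spec, &end, 10);
    if (errno || end == spec || *end || fd < 0 || fd > INT_MAX || buflen == 0)
        return -2;                    /* not a plain descriptor number */
    for (;;) {
        r = read((int)fd, &c, 1);     /* byte-wise: never consume past '\n' */
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0 || c == '\n') break;
        if (n + 1 >= buflen) { r = -1; break; }  /* too long: refuse, no truncation */
        buf[n++] = c;
    }
    if (r < 0) {
        memset(buf, 0, buflen);       /* do not leave a partial secret behind */
        return -2;
    }
    buf[n] = '\0';
    return (long)n;
}

/* Constructed demo: feed input through a pipe, as 3</my/passphrase/file would. */
const char *passphrase_via_pipe(const char *input)
{
    static char out[64];
    char spec[16];
    int p[2];

    if (pipe(p) != 0) return NULL;
    ssize_t w = write(p[1], input, strlen(input));
    close(p[1]);
    snprintf(spec, sizeof spec, "%d", p[0]);
    long n = read_passphrase_spec(spec, out, sizeof out);
    close(p[0]);
    return (w >= 0 && n >= 0) ? out : NULL;
}
```

The function only changes where the passphrase comes from; the file or pipe behind the descriptor still holds it in cleartext, so its permissions remain the control that matters.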