Network Security: Detailed info on Enforce Passphrase on keys

Subject:	Enforce Passphrase on keys
Date:	Thu, 3 Jul 2008 09:31:03 -0500

Subject:

Enforce Passphrase on keys

Date:

Thu, 3 Jul 2008 09:31:03 -0500

Hi!

I've been trying to dig around and find a way to enforce passphrases
on private keys when you authenticate.  The closest post that I can
find would be...

http://marc.info/?l=openssh-unix-dev&m=106941429416956&w=2

---
if openssl rsa -noout -passin pass:none -in /path/to/key ; then
       echo user is a dork
fi
---

However, how does one go about implementing this if their private key
is on the local system?  If the private key is on your server, you
could probably put it in a login script.  But being that it is on the
local system, how would you go about verifying the passphrase?

The reason why I'm going down this road is because we have had
problems where a user's private key is compromised.  Some user's do
not use passphrases on their private keys.  Once a key is copied off
the system, the attacker then logs in without worrying about
passwords.  My idea is to have the server deny the connection if a
passphrase does not exist on a private key.


Thanks!

<Prev in Thread]	Current Thread	[Next in Thread>
Enforce Passphrase on keys, Michael Wisniewski <= Re: Enforce Passphrase on keys, Martin Simovic Re: Enforce Passphrase on keys, Robert Hajime Lanning

Next by Date:	On why debugging OpenSSH can be so hard, Maurice Volaski
Next by Thread:	Re: Enforce Passphrase on keys, Martin Simovic
Indexes:	[Date] [Thread] [Top] [All Lists]

Next by Date:

On why debugging OpenSSH can be so hard, Maurice Volaski

Next by Thread:

Re: Enforce Passphrase on keys, Martin Simovic

Indexes:

[Date] [Thread] [Top] [All Lists]