--
JFCh
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> I like it.
>
> One thing that would be good is having some sort of signing mechnanism
> on the Agent. As I see you check to make sure the ownership of the
> file is ok.
>
> How about another approach is to sign the Agent with the servers
> private key (if that's possible??).
Maybe may be included SHA hash of agent program in the config file and it may be checked before running the agent. But it is necessary? and who will check all the shared libraies used?
>
> That way if the servers private key was compromised then you have a
> problem, otherwise the other checking on the file isn't necessary.
>
> Otherwise I really like it, and it would be great to see this sort of
> feature make its way into mainline.