[EMAIL PROTECTED] on 05/30/2000 10:58:03 AM
>> What about preventing other users on the client from using the key?
>
>Make sure your "identity" file remains uncompromised! And make sure your
>sysadmin doesn't allow anyone to install a sniffer that would allow him
>or anyone else to capture the keystrokes when you type your passphrase.

But I'd still have to trust users not to give their keys out or, even worse,
trust them not to place private keys in places that others can read. The former
may be a given, but the latter is impossible to prevent in our environment for
several reasons, some of which are:

1. Users may not know what's safe/unsafe given that some drives are mounted and
   some users' primary concerns are to develop software, not to manage keys.
2. Our PCs' file systems have really crappy permissioning capabilities. This
   will not change in the foreseeable future due to some other reasons I'd rather
   not get into.

I guess the gist of the matter is that we don't want to trust our clients. Or,
rather, we'll trust them only to an extent. Our use for ssh is to give them
access to our source repository and only our source repository. We don't want
them giving anyone else access to the repository (by giving away their keys).

Noel