On 23 Aug 2006, at 22:19, Aine Douglas wrote:
> On 8/23/06, paul at clubi.ie <paul at clubi.ie> wrote:
>> > You can actually control the pasphrases used to protect keys if you
>> > issue the keys from a corporate controlled CA,
>>>> No you can't, not for ssh keys in the actual "SSH key" sense!
>>>> You might be able to issue secret keys to users with 'good'
>> pass-phrases on them, but the user has full power over the key,
>> including power to change that annoying IT-issued pass-phrase to
>> something they can remember a bit easier.
>> I'd challenge that.
And you'd lose.
> The largest, and probably disproportionately most
> expensive PKI system in Ireland is operated by the Revenue
> Commissioners allowing the general public deal with them
> electronically.
>> They issue you with a digital cert and private key in PKCS12 format
> from their CA for you to sign all online dealing with them in a non
> repudable fashion.
Indeed they do, and they extract a lot of money from me in such a
way :-(
> Sing up at www.ros.ie and try and change the password for that PKCS12
> file outside of the ROS system. Can't be done with any PKCS12 tool
> available.
However, that is NOT an ssh key. The pass phrase to an ssh key can,
as Paul said, be changed or removed altogether by its owner using ssh-
keygen with the -N option.
Niall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
