[Developers] Multiple keys in 0.8.2
Aaron Jacobs
lists at intervocalic.net
Sun Sep 23 17:20:10 CEST 2007
Thanks for the response, Bart.
On 9/23/07, Bart Matthaei <bart at sshkeychain.org> wrote:
> This could be a solution, however I'm not sure if we want to be comparing
> passphrases in SSHKeychain before adding keys. This could potentially
> lead to weird situations.
What sort of weird situations? I suppose there are security
implications; is that what you're referring to?
> This is not possible, since we don't know which key can be used
> for authentication. ssh-agent simply tries each key it has loaded until it
> finds something useful.
Okay, I wasn't sure whether or not this information was available at
the time keys were requested.
> Add all keys when a client connects does what it reads. It adds all keys
> that have their passphrase stored in the apple keychain as soon as a client
> uses ssh-agent.
Yes it does do what it says, but I read it in a different way. I
thought that it meant that when a client connects all of the keys
would be added, as opposed to just the one that was needed. But now I
see it's all as opposed to none.
> I don't really see the problem. If you add both keys to the apple keychain,
> you will be asked to unlock the apple keychain upon the first request,
> and both keys will be loaded automatically. This way you should only
> get one dialog (the unlock apple keychain dialog).
I shy away from storing my password in the keychain. I suppose I'll
just have to live with double prompts, unless you can think of any
other way to take care of it.
Thanks,
Aaron