John M. Harris Jr wrote:
> Well, you could theoretically use ssh-agent (or equivalent), without
> changing the protocol in any way.
You need protocol support to do this securely. Otherwise, your ssh-agent is
a decryption oracle which can be used by an attacker to decrypt your LUKS
keyfile on demand. The decryption should only be possible as part of the
login process after the server fingerprint has been verified and before
arbitrary application data can be sent.
Kevin Kofler
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
