Simon Josefsson <[email protected]> writes:

> Agent forwarding isn't that important to me, though. Basic agent
> support is what is preventing me from using lsh at all, since my private
> keys are stored on a smartcard.

Point taken. Basic agent support is more important.

> Oh. I'm not sure if that works though. You can defer the passphrase
> prompt until lsh wants to use the private keys, but if I recall
> correctly, with SSH you don't know which private key to use anyway, so
> you have to decrypt them all and try them in order.

You're not recalling all the details ;-) The ssh userauth protocol allows you to send a publickey, *without* any signature, and the server will tell you if the key + signature would be accepted.

The way lsh uses that, it sends such requests for all known keys (and one can send the requests back-to-back, without having to wait a network roundtrip per key), and then it creates and sends a signature for the first key which the server says it will accept.

It's just a question of getting the public key first, without decrypting the corresponding private key upfront.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
_______________________________________________
lsh-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/lsh-bugs
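The query-then-sign exchange described in the message above, as an added example that is not part of the original post or of lsh's code. Message numbers and field layout follow RFC 4252; the user name, the key blobs and the `server_reply` stand-in are constructed for illustration.

```python
import struct

REQUEST, FAILURE, PK_OK = 50, 51, 60  # SSH_MSG_USERAUTH_* numbers (RFC 4252)

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

def build_query(user: bytes, algo: bytes, blob: bytes) -> bytes:
    """Publickey request with the boolean FALSE: no signature, no private key needed."""
    return (bytes([REQUEST]) + ssh_string(user) + ssh_string(b"ssh-connection")
            + ssh_string(b"publickey") + b"\x00"
            + ssh_string(algo) + ssh_string(blob))

def server_reply(query: bytes, authorized: set) -> bytes:
    """Constructed stand-in for the server: PK_OK echoes the algorithm and blob."""
    off = 1
    for _ in range(3):                        # skip user, service, method name
        _, off = read_string(query, off)
    algo, off = read_string(query, off + 1)   # +1 skips the boolean
    blob, _ = read_string(query, off)
    if blob in authorized:
        return bytes([PK_OK]) + ssh_string(algo) + ssh_string(blob)
    return bytes([FAILURE]) + ssh_string(b"publickey") + b"\x00"

def first_acceptable(queries, replies):
    """Pair in-order replies with queries; index of first accepted key, else None."""
    for i, (q, r) in enumerate(zip(queries, replies)):
        if r[0] == PK_OK:
            algo, off = read_string(r, 1)
            blob, _ = read_string(r, off)
            if q.endswith(ssh_string(algo) + ssh_string(blob)):  # must echo our key
                return i  # only this key's private half has to be unlocked to sign
    return None

# Constructed sample data: placeholder blobs, not real key encodings.
KEYS = [(b"ssh-rsa", b"blob-A"), (b"ssh-rsa", b"blob-B"), (b"ssh-dss", b"blob-C")]

def demo():
    queries = [build_query(b"simon", a, b) for a, b in KEYS]   # sent back-to-back
    replies = [server_reply(q, {b"blob-B"}) for q in queries]  # answered in order
    return first_acceptable(queries, replies)
```

The signed follow-up request for the chosen key carries the boolean TRUE and a signature field; producing it is the first point at which a passphrase prompt or smartcard operation is required.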
