https://bugzilla.mindrot.org/show_bug.cgi?id=2533
Igor Bukanov <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |---

--- Comment #2 from Igor Bukanov <[email protected]> ---
(In reply to Damien Miller from comment #1)
> sshd being able to access its keys is a requirement.

Even checking that the key is really loaded into the agent does not provide any guarantee that sshd can access the key later. The key can be removed at any moment by the agent or the agent may disappear. Or consider that the agent may be running on another machine with its socket forwarded to sshd when the link to the agent may be interrupted.

Moreover, as the check introduces an artificial dependency between sshd and the agent, it makes it harder to run the agent in a separate container on Linux for extra security. The present check requires ensuring ordering between containers, which even in 2020 is not exactly a solved problem.

So given that the check does not ensure the key availability while it makes securing the system more complex, I am asking to reconsider WONTFIX.

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
