As an interim measure before we have passphrase-protected keys, how hard
would it be to set lshd to require both an authorized key, and a password?

As for why I want this, I'm soon going to be blocking telnet at our border
routers (lshd is already in place on the servers). As an added security
measure, I'd like to set up lshd so that it only accepts authorized keys,
because I'm sure that someone somewhere has gotten lazy and is using a
weak password. However, I don't want to use just the authorized keys, as
that leads to the domino effect (break into user A on one machine, and you
can go anywhere his lsh private key lets you go).

And as to passphrase-protected keys, is there any tentative timeframe for
that? And just how is it planned to work? I don't know how ssh handles
it from a technical point of view, only that a daemon is run, the
passphrase is only input once, etc.

If there are any plans, what are they? How are you planning to pass around
the passphrase or decrypted key? I'm curious as to how this will impact
my current security plans (favorably, I'd hope :-) Preferably this could
be done in such a way that only children of the shell that ran the daemon
in will be authorized, without passing the actual data in an environmental
variable. I've got a few ideas as to how that could be done, but they're
just that.