> Of course the protocol could just include that information in the request but that's > completely useless as a security precaution, because the attacker just needs to tweak his SSH > client code to always say that the key was passphrased, even if it wasn't. Actually, this sounds very reasonable to me: the point of refusing access to passphraseless keys isn't to protect from an attacker, but to protect from a lazy user, who doesn't want to type his passphrase. This wouldn't protect from sophisticated lazy users, but those lazy users will probably realize it's easier to run an ssh-agent than to compile a modified ssh client. But this would prevent the stupid lazy user from logging in with his/her passphraseless key, which ought to gain something.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds