[svlug] requiring passphrase for ssh..?

Drew Bloechl drew at cesspool.net
Wed Apr 4 10:34:02 PDT 2001


On Wed, Apr 04, 2001 at 09:57:29AM -0700, Ajay wrote:
> Hey guys,
> 
> 	I was wondering if anyone here knows if it's possible to require a
> passphrase to be inputted when a user logs in with their private key?  I
> don't see any options for sshd_config to allow this, and one of my coworkers
> has said this can't be done, but I'm not convinced yet.  I saw a code
> snippet in ssh1_connect.c I thought I could modify so it wouldn't try NULL
> passphrases, but that didn't seem to work, have to look into it more to
> figure it out.  Of course, a non-code altering solution would be the easiest
> if possible.  Any help greatly appreciated, TIA!

The ssh server doesn't have any idea whether the client uses a
passphrase or not.  I'm pretty sure it goes something like this:

ssh client: Hey, I have this public key, will you take it?
ssh server: Sure, but sign this arbitrary number I just generated first.
*ssh client determines whether it needs to ask for passphrase and does so
if needed*
ssh client: Okay, here's your signature, let me in.
ssh server: Righto.

Or something like that, anyway.  

The only possible way you could do that is if you modify the ssh client
to tell the ssh server it's asking for a passphrase.

-- 
Drew Bloechl
drew at cesspool.net
PGP key ID: 33855516
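
Added example (not part of the original message, and not OpenSSH code): a simplified Python model of the exchange described above. It shows that the server checks only a signature against the public key, so a passphrase-protected key file and an unprotected one look identical from the server side. Textbook RSA over constructed toy primes and an XOR mask derived with PBKDF2 stand in for real SSH key handling, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key (two Mersenne primes): illustration only, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_LEN = (N.bit_length() + 7) // 8

def _keystream(passphrase, salt):
    # Passphrase-derived mask for the stored private exponent.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, KEY_LEN)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def store_private_key(passphrase=None):
    """Client-side key file: D in the clear, or masked with the passphrase."""
    raw = D.to_bytes(KEY_LEN, "big")
    if passphrase is None:
        return {"encrypted": False, "blob": raw}
    salt = secrets.token_bytes(16)
    return {"encrypted": True, "salt": salt,
            "blob": _xor(raw, _keystream(passphrase, salt))}

def _digest(challenge):
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

def client_sign(keyfile, challenge, ask_passphrase):
    """Runs on the client only; the passphrase never leaves this function."""
    blob = keyfile["blob"]
    if keyfile["encrypted"]:
        blob = _xor(blob, _keystream(ask_passphrase(), keyfile["salt"]))
    return pow(_digest(challenge), int.from_bytes(blob, "big"), N)

def server_verify(challenge, signature):
    """Runs on the server: its inputs are the public key (N, E), the
    challenge and the signature. Nothing here says how the key was stored."""
    return pow(signature, E, N) == _digest(challenge)

def login(keyfile, ask_passphrase=lambda: ""):
    challenge = secrets.token_bytes(32)   # server: "sign this arbitrary number"
    signature = client_sign(keyfile, challenge, ask_passphrase)
    return challenge, signature, server_verify(challenge, signature)
```

A wrong passphrase simply yields a bad signature, which the server cannot tell apart from a login attempt with the wrong key.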



