You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Christian Schneider (JIRA)" <ji...@apache.org> on 2012/05/25 18:09:23 UTC
[jira] [Commented] (KARAF-1475) Support SSH agent forwarding and
use the agent authentication when connecting to other instances
[ https://issues.apache.org/jira/browse/KARAF-1475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13283563#comment-13283563 ]
Christian Schneider commented on KARAF-1475:
--------------------------------------------
Currently we create a private key at build time and allow full access with this key by default. I think this opens a big security hole. Of course the same is true for the karaf:karaf user. What makes the private key more dangerous is that people might not see this hole as easily as the default user. So I think we should not do this.
Instead I propose to create a key at runtime and use it to connect to the local instance. We could store the generated private key in the user dir to make sure it is at a safe place.
> Support SSH agent forwarding and use the agent authentication when connecting to other instances
> ------------------------------------------------------------------------------------------------
>
> Key: KARAF-1475
> URL: https://issues.apache.org/jira/browse/KARAF-1475
> Project: Karaf
> Issue Type: New Feature
> Reporter: Guillaume Nodet
> Assignee: Guillaume Nodet
> Fix For: 2.3.0, 3.0.0
>
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira