Let's say you assign SSH keypairs to all users on your system; none of these "low trust" users have root privileges. You want the users to be able to use their keys in SSH connections, however, you don't want your users to be able to read their private keys.
This can be used to either prevent users from accessing secured servers over SSH from unauthorized computers (by copying their keypair to another computer), or to prevent their private keys being accidentally leaked.
Is there already this type of system in place for "hiding" private keys from the users, while still allowing them to use them during the shared key negotiation?
Aucun commentaire:
Enregistrer un commentaire