Subject: Re: SSH & SFTP: Passphrase Problem + Libssh2 Correction

Re: SSH & SFTP: Passphrase Problem + Libssh2 Correction

From: Simon Josefsson <>
Date: Fri, 09 Jul 2010 23:12:33 +0200

Peter Stuge <> writes:

> Paul Romero wrote:
>> How do you recommend protecting private keys in an automated
>> environment ?
> It's very straightforward. Move them as far away from the application
> as possible.
> The first step is to use an agent process. Protected mode, MMUs and
> the operating system offers some protection from errors in the
> libssh2 application.
> Next step is to make sure that the agent runs as a distinct user in
> the OS, which gets you more protection at the kernel level.

Peter's suggestions are good, however between what is written above and
what is written below, I would suggest that the private keys are
encrypted on local storage, and that they are decrypted by the agent
process when needed. Hopefully your environment can read the decryption
password from somewhere else than where the private keys are stored in
encrypted form.

> A further step might be to move the key into dedicated hardware such
> as a smart card or crypto token.

Let me note that libssh2 works fine with OpenPGP smartcards, any
supported GnuPG smartcard reader, and GnuPG2's gpg-agent with
--enable-ssh-support. It may not be ideal for high performance server
applications though.

Received on 2010-07-09