[systemd-devel] Keyring service as a natural use-case for systemd?

Mantas Mikulėnas grawity at gmail.com
Fri Jun 27 08:08:01 PDT 2014


I don't think the kernel keyring would work for ssh-agent or gpg-agent. The
point of using an agent is *not* just providing dumb secret storage, but
moving the actual crypto functions to the agent, so that the UIs (ssh, scp,
gpg as of v2.1) won't *ever* deal with unlocked keys.

(The agents usually set themselves as undumpable and untraceable to avoid
key extraction by the same user's other processes.)

If you make `ssh-add` just insert the decrypted key into a kernel keyring
and `ssh example.com` just retrieve it, you lose one of the most important
features.

Unless, of course, the kernel learns keyctl_ssh_{rsa,ecdsa,ed25519}_sign()
or another similar interface that will always take 2-3 years to catch up
every time the user space learns a new cipher or protocol...

(I am reminded of Plan 9's Factotum, which was kind of like ssh-agent but
part of the OS...)

-- 
Mantas Mikulėnas <grawity at gmail.com>
// sent from phone
On Jun 27, 2014 4:19 PM, "Lennart Poettering" <lennart at poettering.net>
wrote:

> On Wed, 25.06.14 14:25, Anatol Pomozov (anatol.pomozov at gmail.com) wrote:
>
> Haya,
>
> > One of the weirdest decisions made by ssh/gpg developers is using
> > environment variables to pass information about agent processes. Why
> > don't they use some well-known location for the socket file like any
> > other application does? Currently I need to run the *-agent daemon
> > from user account, construct environment variables and propagate them to
> > other processes such as Gnome and terminals started by sshd.service.
> > It would be much nicer if *-agents created
> > /run/user/$uid/gpg-agent.socket that any program can use.
>
> Well, $XDG_RUNTIME_DIR is relatively young, and gpg/ssh are not. Also,
> the BSDs don't really have that. env vars are really awful for what they
> are doing, but then again, I'd fault UNIX for that, not
> them. $XDG_RUNTIME_DIR is simply our way to fix UNIX in this regard.
>
> > But I would love to see just one system daemon for all users without
> > the additional configuration steps. All I expect to start the service
> > is:
> >
> > sudo systemctl enable systemd-keyringd.socket
> >
> > After that 'ssh' 'gpg' should work without any configuration hassle.
>
> So, my strong suggestion would be that everything should just use the
> kernel keyring (as in keyctl(1)), and then gnome-keyring-daemon and
> suchlike are just frontends for that adding interactive password queries
> and things like that. And yeah, ssh/gpg should just use the keyring too,
> and nothing else. But of course this is not going to be easy, as the
> kernel keyring is a Linuxism, and ssh+gpg tend to be conservative with
> non-portable interfaces...
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
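The "undumpable and untraceable" hardening mentioned above, as an added illustration that is not part of this thread or of any agent's source: a minimal Linux C sketch that marks the process non-dumpable via prctl(2) (which blocks core dumps and ptrace attachment by other processes of the same user, and makes /proc/self/mem root-owned) and pins a hypothetical key buffer with mlock(2) so it is never paged to swap. The `key_material` buffer and the `agent_*` function names are assumptions for this example; note that dumpable=0 does not stop root or a process holding CAP_SYS_PTRACE, and that the flag is reset if the process later execs.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>

/* Hypothetical unlocked key material held only inside the agent process
 * (constructed placeholder, not a real key). */
static unsigned char key_material[32] = "example-key-bytes";

/* Apply the two process-level protections an agent typically uses.
 * Returns 0 on success, -1 if the dumpable flag could not be cleared. */
int agent_harden(void)
{
    /* Refuse core dumps and same-user ptrace (Yama ptrace_scope=1 adds a
     * similar, system-wide restriction, but the agent should not rely on it). */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
        perror("PR_SET_DUMPABLE");
        return -1;
    }
    /* Keep the key out of swap. RLIMIT_MEMLOCK may be 0 in some sandboxes,
     * so a failure here is reported but not treated as fatal. */
    if (mlock(key_material, sizeof key_material) != 0)
        perror("mlock");
    return 0;
}

/* 0 means undumpable (and therefore not traceable by peer processes). */
int agent_is_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Wipe the key on shutdown; the volatile pointer keeps the compiler from
 * optimising the clear away. */
void agent_wipe(void)
{
    volatile unsigned char *p = key_material;
    for (size_t i = 0; i < sizeof key_material; i++)
        p[i] = 0;
    munlock(key_material, sizeof key_material);
}

int main(void)
{
    if (agent_harden() != 0)
        return 1;
    printf("dumpable=%d\n", agent_is_dumpable());
    agent_wipe();
    return 0;
}
```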