On 10/12/2012 01:56 PM, Les Mikesell wrote:
> On Fri, Oct 12, 2012 at 3:44 PM, Nux! nux@li.nux.ro wrote:
>> Yep, exactly right. People in #openssh confirmed -i HAS to be a real path to a file.
>
> Not very unix-like behavior...

Yes, it is. The alternative is for -i to take a file or a key as an argument, and that leads to ambiguous behavior.

I would offer that the behavior of zsh in Mark's request is neat, but not great security. The content of the private key on a remote machine is being written to the local machine's /tmp filesystem. Read permission will be limited to the user running zsh, so it's not super horrible (and I'm guessing that zsh uses O_EXCL to prevent race conditions that would expose the key). All the same, I keep my keys in an encrypted volume because they grant me access to my customer's systems. The idea of writing them to a filesystem that's not encrypted is just creepy.
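
What O_EXCL buys in the temp-file scenario discussed above, as an added example that is not from this thread or from zsh's source. The function names and the scratch directory under /tmp are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() and symlink() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` for secret data. With O_CREAT|O_EXCL, open() fails with
 * EEXIST if the name already exists, even as a dangling symlink, so a name
 * another user planted in a shared directory is never followed or reused.
 * Mode 0600 is requested; the umask can only remove bits from it. */
int create_secret_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Self-check in a constructed scratch directory. Returns 0 if all holds. */
int check_exclusive_create(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";        /* hypothetical location */
    char planted[64], victim[64], fresh[64];
    struct stat st;
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL) return 1;
    snprintf(planted, sizeof planted, "%s/key", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fresh, sizeof fresh, "%s/key2", dir);
    /* Constructed scenario: "key" already exists as a symlink to "victim". */
    if (symlink(victim, planted) != 0) rc = 2;
    fd = create_secret_file(planted);
    if (rc == 0 && !(fd == -1 && errno == EEXIST)) rc = 3;  /* must be refused */
    if (rc == 0 && stat(victim, &st) == 0) rc = 4;  /* target must not appear */
    if (fd >= 0) close(fd);

    /* An unused name succeeds and is readable and writable by the owner only. */
    fd = create_secret_file(fresh);
    if (rc == 0 && (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600)) rc = 5;
    if (fd >= 0) close(fd);
    unlink(fresh); unlink(planted); rmdir(dir);
    return rc;
}

int main(void)
{
    return check_exclusive_create();
}
```

Exclusive creation and mode 0600 only keep other local users out; the bytes still land on whatever filesystem backs the directory, which is the concern raised above about unencrypted storage.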