July 7, 2016

Use as SSH Agent

Because entering the passphrase every time an SSH secret key is used is troublesome, a tool such as Pageant is often used.
However, Pageant carries a security risk: on request from another process, it signs arbitrary data with the secret key and sends the result back, so a malicious process running on the machine becomes a security problem. (In that case the secret key itself is not leaked, but a danger is still a danger.)

Poderosa has no such worry, because it does not perform interprocess communication. Instead, the passphrase input screen shown when a key is used offers the following option:


Here, if the passphrase is set to be remembered “until Poderosa is finished”, the passphrase held in memory is used automatically for the same key, so there is no need to enter it every time. There is also a “60 minutes’ memory” option, which is a middle ground in both inconvenience and security compared with entering the passphrase every time.

Additionally, Poderosa never outputs the passphrase or the secret key itself to another process, and never writes them to the preference file. The path of the secret key file is written to the settings file, but the number of paths remembered can be configured; if it is set to 0, nothing is output, not even the path.
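
The retention choices described above, sketched as an in-process passphrase cache. This is an added example, not Poderosa's own code; the `Retention` and `PassphraseCache` names and the injectable clock are hypothetical.

```python
import time
from enum import Enum


class Retention(Enum):
    # Hypothetical names for the three choices on the passphrase prompt;
    # the value is the lifetime in seconds (None = no expiry).
    EVERY_TIME = 0
    SIXTY_MINUTES = 60 * 60
    UNTIL_EXIT = None


class PassphraseCache:
    """Held only in this process: no socket, pipe or file sees the secret."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock  # monotonic: unaffected by wall-clock changes
        self._entries = {}  # key file path -> (bytearray, expiry or None)

    def remember(self, key_path, passphrase, retention):
        self.forget(key_path)
        if retention is Retention.EVERY_TIME:
            return  # nothing is kept; the user is prompted next time
        ttl = retention.value
        expiry = None if ttl is None else self._clock() + ttl
        self._entries[key_path] = (bytearray(passphrase.encode("utf-8")), expiry)

    def lookup(self, key_path):
        """Return the remembered passphrase, or None if the user must be asked."""
        entry = self._entries.get(key_path)
        if entry is None:
            return None
        secret, expiry = entry
        if expiry is not None and self._clock() >= expiry:
            self.forget(key_path)
            return None
        return secret.decode("utf-8")

    def forget(self, key_path):
        entry = self._entries.pop(key_path, None)
        if entry is not None:
            entry[0][:] = bytes(len(entry[0]))  # best-effort overwrite of the buffer

    def clear(self):
        """Call at exit so "until finished" entries end with the process."""
        for key_path in list(self._entries):
            self.forget(key_path)
```

Python strings are immutable, so the overwrite in `forget` only covers the cache's own buffer, not copies the caller still holds.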