by alxv 4897 days ago
Oh right... because putting your critical secret information into a huge, buggy, extensible, unaudited, complex, and constantly changing operating system is so much better!

When running OpenSSH on top of Linux you will be affected by any security bug in Linux or OpenSSH.

When running OpenSSH inside Chrome on top of Linux you will be affected by any security bug in Linux, OpenSSH or Chrome.

It's not that hard to understand, really.

Or, from another point of view, an attacker has to bypass Linux and OpenSSH security in one case or bypass Linux, OpenSSH and Chrome security mechanisms in the other case.

It's an oversimplification

No.

When you load your SSH keys into Chrome and the Chrome sandbox is compromised, then there is no further layer between the attacker and your keys.

This is a new attack vector in addition to those that may exist in SSH itself and your operating system.

I understand what you mean, but I'm saying that compromising the sandbox can be looked at as well as an additional step to achieve. And more so if, for example, address space randomization is offered by the OS. In this case the security model is reinforced, rather than weakened.

> but I'm saying that compromising the sandbox can be looked at as well as an additional step to achieve

You're making no sense. The previous attack vectors don't go away when you put your keys into Chrome. Chrome becomes an additional option for the attacker, not an additional "step".

A house with two doors is less secure than the same house with one door.

There is also no reason that private keys have to be loaded in the same process (or even the sandbox) when an ssh agent is used.