ssh agent forwarding

Alex Satrapa grail at
Fri Sep 20 11:45:50 EST 2002

On Friday, September 20, 2002, at 10:36 , Drake Diedrich wrote:

> If you ever get the warning that the host key has changed

... which only happens if some third party is trying to pretend to be 
the host that you're trying to connect to.

> The intermediate host has access to the private keys of each ssh key 
> you've put in the ssh-agent.

Meaning that whoever has exploited <insert root exploit here> now has 
access to your forwarded authentication agent.

Play it safe, and only use agent-forwarding when you really need it - 
the rest of the time, make all your outgoing connections from the 
machine that you're sitting in front of.  Ensure that your ssh-agent 
disappears (or at least dispose of the keys it's holding) when you 
logout - leaving long-running ssh-agents lying around laden with my keys 
has proven to be too much temptation to some sysadmins I know.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 225 bytes
Desc: not available
Url :

More information about the linux mailing list