ssh agent forwarding
Alex Satrapa
grail at goldweb.com.au
Fri Sep 20 11:45:50 EST 2002
On Friday, September 20, 2002, at 10:36, Drake Diedrich wrote:

> If you ever get the warning that the host key has changed

... which only happens if some third party is trying to pretend to be
the host that you're trying to connect to.

> The intermediate host has access to the private keys of each ssh key
> you've put in the ssh-agent.

Meaning that whoever has exploited <insert root exploit here> now has
access to your forwarded authentication agent.

Play it safe, and only use agent-forwarding when you really need it -
the rest of the time, make all your outgoing connections from the
machine that you're sitting in front of. Ensure that your ssh-agent
disappears (or at least dispose of the keys it's holding) when you
log out - leaving long-running ssh-agents lying around laden with my keys
has proven to be too much temptation to some sysadmins I know.

Alex
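
The two habits recommended above (forward the agent only where it is needed, and clear the agent at logout), as a shell example added here that is not part of the original message. The function names `audit_forward_agent` and `drop_local_agent` and the host names are hypothetical, and the sample config is constructed.

```shell
# Added example; the sample config at the bottom is constructed.
# audit_forward_agent [FILE]: list ssh_config sections that enable forwarding.
#   BROAD = global or wildcard Host, SCOPED = named hosts, REVIEW = Match block.
# Assumption: only the first ForwardAgent value inside a section is considered;
# precedence between overlapping sections is not modelled.
audit_forward_agent() {
    awk '
    function report(   label) {
        if (!fwd) return
        if (kind == "match") label = "REVIEW"
        else if (kind == "global" || scope ~ /[*?]/) label = "BROAD"
        else label = "SCOPED"
        print label, scope
    }
    BEGIN { kind = "global"; scope = "(global)" }
    /^[ \t]*#/ { next }                       # comment line
    /^[ \t]*$/ { next }                       # blank line
    {
        line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (!match(line, /[ \t=]+/)) next     # keyword ends at blank or "="
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        if (key == "host" || key == "match") {
            report(); kind = key; scope = val; fwd = 0; seen = 0
        } else if (key == "forwardagent" && !seen) {
            seen = 1; fwd = (tolower(val) != "no")   # "yes" or an agent socket path
        }
    }
    END { report() }' "$@"
}
# For ~/.bash_logout: empty and stop an agent that was started on this machine.
# A forwarded agent sets no SSH_AGENT_PID on the remote side, so it is left alone.
drop_local_agent() {
    [ -n "${SSH_AGENT_PID:-}" ] || return 0
    ssh-add -D >/dev/null 2>&1 || true        # delete all identities from the agent
    ssh-agent -k >/dev/null 2>&1 || true      # kill the agent named by SSH_AGENT_PID
}
sample_config() {                             # constructed input
    cat <<'EOF'
Host bastion.example.org
    ForwardAgent yes
Host *.example.org
    ForwardAgent=yes
Host build
    ForwardAgent no
    ForwardAgent yes
EOF
}
sample_config | audit_forward_agent
```

Run it as `audit_forward_agent ~/.ssh/config`; any BROAD line means the agent is offered to every host matching a wildcard, including ones you do not control.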