On 2 Apr 2000, Robert Bihlmeyer wrote:

> > Solution: remove the identity from .ssh/authorized_keys on my home
> > machine.
> Note that *any* keys that your agent holds can be snarfed by the
> admin(s) of any hosts where you ssh-in with agent forwarding enabled.

No, that is the point of ssh-agent. The key never leaves your machine; the authentication request travels through SSH to your agent, and then back again with the proper encrypted credentials. So long as your ssh is active, an attacker can use that to access other machines you normally ssh into and presumably implant his own authorized_key.

Jason
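An added example, not part of the original message: because the exposure discussed above exists on every host reached with agent forwarding enabled, this Python sketch resolves which hosts a client `ssh_config` would forward the agent to. The sample config and host names are constructed, and `Match` blocks are skipped as a simplifying assumption.

```python
import fnmatch
import shlex

# Constructed sample ssh_config; host names are made up for illustration.
SAMPLE = """\
Host bastion.example.org
    ForwardAgent yes
Host *.example.org !db.example.org
    ForwardAgent no
Host *
    ForwardAgent=yes
"""

def host_matches(patterns, host):
    """Host rule: a matching negated (!) pattern vetoes; otherwise any match wins."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_forward_agent(config_text, host):
    """ForwardAgent value ssh would use for host (first obtained value wins)."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line.replace("=", " ", 1))
        key, args = tokens[0].lower(), tokens[1:]
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # assumption: Match blocks are not evaluated here
        elif key == "forwardagent" and active and args:
            return args[0]
    return "no"  # OpenSSH default when nothing sets it

def hosts_exposing_agent(config_text, hosts):
    """Hosts whose admins could use the forwarded agent while a session is open."""
    return [h for h in hosts
            if effective_forward_agent(config_text, h).lower() != "no"]

if __name__ == "__main__":
    targets = ["bastion.example.org", "web.example.org",
               "db.example.org", "shell.example.net"]
    print(hosts_exposing_agent(SAMPLE, targets))
```

In the sample, `db.example.org` is excluded from the block that turns forwarding off and so falls through to the `Host *` default, which is how a wildcard `ForwardAgent yes` ends up covering hosts it was never meant for.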

