Hi Marc, Marc Weber <[email protected]> writes:
> The useful hack I wrote is a sshfs wrapper. > It uses pgrep to identify all runing ssh-agents. > It then defines SSH_AGENT_PID and > SSH_AUTH_SOCK and tries to mount the location. > If it fails the next ssh-agent is tried. > (Usually you only have one on your computer anyway..) OK, thanks for explaining. > Using arbitrary ssh-agents is very dangerous: > Consider someone else logging into your machine. > If you add the key he could do: > cd /auto/you-remote-location Indeed. My feeling is that it’s something that ought to be discussed with sshfs-fuse upstream, not hacked around in a distro, because there seems to be a fundamental usability issue (using sshfs-fuse with passphrase-protected keys), and there’s probably a wealth of security pitfalls like the one you mention above. What do you think? Thanks, Ludo’. _______________________________________________ nix-dev mailing list [email protected] https://mail.cs.uu.nl/mailman/listinfo/nix-dev
