https://bugzilla.mindrot.org/show_bug.cgi?id=3316
Damien Miller <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Damien Miller <[email protected]> ---
First, the root cause is forwarding an agent to an attacker-controlled destination - the user is effectively delegating use of their keys to that attacker.

Second, this is not an authentication bypass, since nothing is being bypassed. The user is becoming confused as to the context of a FIDO touch request. That makes this more like phishing than anything else.

This attack may be mitigated by setting LogLevel=verbose so ssh(1) will print a message at the conclusion of authentication:

> [djm@origin ~]$ ssh -oLogLevel=verbose host
> Authenticated to host.example.com ([10.0.0.1]:22).
> $

Fundamentally, forwarding an agent is a risky operation and should be avoided where possible. This is why we implemented ProxyJump :)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
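The two mitigations named in the comment above, written out as an ~/.ssh/config fragment. This is an added example, not part of the bug report or of OpenSSH's own documentation; the host names (jump.example.com, target.internal) and the "internal-*" pattern are assumptions. The first stanza shows the risky pattern the comment describes (forwarding the agent through an intermediate host), the second replaces it with ProxyJump, so the local agent answers only for the hosts the user actually types, and raises LogLevel so the "Authenticated to ..." line is printed after each authentication.

```sshconfig
# ~/.ssh/config (added example; host names are assumed)

# Risky: the agent socket is forwarded to jump.example.com, so anyone
# with root on that host (or who controls it) can ask the local agent
# to sign with the user's keys, including FIDO keys, while the user
# sees only a touch request with no indication of which host asked.
#Host jump.example.com
#    ForwardAgent yes

# Preferred: never hand the agent socket to the intermediate host.
# ProxyJump opens a TCP forward through jump.example.com and runs the
# SSH protocol end-to-end with target.internal, so key operations are
# only requested by connections the user initiated.
Host target.internal internal-*
    ProxyJump jump.example.com
    ForwardAgent no
    # VERBOSE makes ssh(1) print "Authenticated to <host> ([addr]:port)."
    # once authentication completes, which ties each FIDO touch to a host.
    LogLevel VERBOSE

# Default for everything else: keep agent forwarding off unless a
# host-specific stanza above deliberately turns it on.
Host *
    ForwardAgent no
    LogLevel VERBOSE
```

With this in place, `ssh target.internal` prints the "Authenticated to" line per hop, and a touch request that arrives without a corresponding authentication the user started is the signal that something else is driving the agent.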
