I fail to see how agent forwarding causes a security risk.  Credentials 
still are never sent over the wire.  Worst case the intervening host could 
intercept your proof of credentials and use that to generate credentials, 
which basically means cracking your RSA/DSA key.


-matt

--On Thursday, September 20, 2001 2:40 PM -0400 "Robert W. Brewer" 
<[EMAIL PROTECTED]> wrote:

> I saw a blurb in the Debian docs about only enabling
> ssh-agent port forwarding if you are certain of the
> security of the remote host, due to possible attacks
> by root at the remote end.
> I think the idea is that root could
> presumably send authentication requests back to
> my ssh-agent and be authenticated for services
> that are only for me.
>
> I consider this a good argument for disabling
> ssh-agent port forwarding.  However, I think
> a compromise could be reached which would make
> me, and probably others, quite comfortable.
>
> I'd like to know what others think about the security
> and/or usefulness of this scheme:
>
>  ssh-agent prompts for confirmation before authenticating
>    anything that came from a remote port forward.  It doesn't
>    have to prompt for a passphrase, just a "yes/no" confirmation
>    of whether I want to perform an authentication.  If I am
>    not attempting to login anywhere else, and that confirmation
>    suddenly pops up, then I would know that something is amiss.
>
> Or maybe I'm overestimating the usefulness of forwarding the
> agent's port.  Is that only needed in a multi-hop scenario,
> so that if I always went direct from my originating box
> to a destination I don't ever need it?
>
> Thanks for your thoughts.
>
> -Rob
> --
> Robert W. Brewer
> Jesus rules!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
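Two concrete controls that address Rob's concern, as an added example (not code from either poster): a small audit that lists which stanzas in an ssh_config turn on agent forwarding, beside the hardened pattern of leaving ForwardAgent off and using ProxyJump for multi-hop logins so no agent ever has to exist on the bastion. The "just ask me yes/no" confirmation Rob proposes is what `ssh-add -c` does in current OpenSSH. The config text and host names are constructed placeholders; awk and ssh-add are assumed to be installed, and the audit also accepts the `Key=value` spelling ssh_config allows.

```shell
#!/bin/sh
# Added example (not from the thread). Audits an ssh_config for stanzas that
# forward the agent, and shows the hardened pattern: keep ForwardAgent off and
# reach inner hosts with ProxyJump, which needs no agent on the bastion.

# Constructed sample config; host names are placeholders.
SAMPLE_CONFIG='Host bastion-risky
    HostName bastion.example.invalid
    ForwardAgent yes

Host bastion-safe
    HostName bastion.example.invalid
    ForwardAgent no

Host internal
    HostName internal.example.invalid
    # The client itself dials through the bastion; no agent lives there.
    ProxyJump bastion-safe
'

# forwarding_hosts: read ssh_config text on stdin, print each Host alias whose
# stanza turns on agent forwarding. Accepts "Key value" and "Key=value" forms
# and is case-insensitive, like ssh itself. Does not evaluate Match blocks.
forwarding_hosts() {
    awk '
        { sub(/^[ \t]+/, ""); gsub(/=/, " "); $0 = $0 }   # normalise "Key=value"
        /^#/ { next }                                     # skip comment lines
        tolower($1) == "host" { host = $2; next }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }
    '
}

# Rob's "just ask me yes/no" idea is what ssh-add -c does: the agent asks
# (via ssh-askpass) before every signature with that key, forwarded or not.
# Not invoked here; shown for completeness.
load_key_with_confirmation() {
    ssh-add -c "$1"
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s' "$SAMPLE_CONFIG" | forwarding_hosts   # prints: bastion-risky
fi
```

Run it with `--demo` to list the offending stanza; a clean config prints nothing.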