On Tue Dec 28, 2004 at 00:10:02 +1100, Matthew Palmer wrote:
>On Mon, Dec 27, 2004 at 10:22:18PM +1100, Indelible wrote:
>> A while ago somebody mentioned in a talk that it was a really bad idea
>> to log into a machine via ssh and from there log into another machine
>> using ssh.
>> I don't get it. Why is this bad?
>
>3) An ssh-agent-based system is the most secure, but a sneaky root user on
>the intermediate machine can use your proxy to get into the far machine (and
>anything *else* that's accessible through your ssh-agent session). It's not
>as bad as 1 & 2 above, because access can only be obtained while your
>ssh-agent session is active on the intermediate machine, but it's still Bad
>Stuff.

Wouldn't the use of agent-forwarding solve this problem?

Benno
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
