On Tue, Dec 28, 2004 at 08:53:44AM +1100, Benno wrote:
> On Tue Dec 28, 2004 at 00:10:02 +1100, Matthew Palmer wrote:
> >On Mon, Dec 27, 2004 at 10:22:18PM +1100, Indelible wrote:
> >> A while ago somebody mentioned in a talk that it was a really bad idea
> >> to log into a machine via ssh and from there log into another machine
> >> using ssh.
> >> I don't get it. Why is this bad?
> >
> >3) An ssh-agent-based system is the most secure, but a sneaky root user on
> >the intermediate machine can use your proxy to get into the far machine (and
> >anything *else* that's accessible through your ssh-agent session). It's not
> >as bad as 1 & 2 above, because access can only be obtained while your
> >ssh-agent session is active on the intermediate machine, but it's still Bad
> >Stuff.
>
> Wouldn't the use of agent-forwarding solve this problem?

Agent forwarding is what I'm talking about. Hence the term "ssh-agent-based".

- Matt
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
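
Added example, not part of the original thread: the exposure described above exists for any host where agent forwarding is switched on, so this sketch lists the Host blocks of an OpenSSH client config that enable ForwardAgent and marks the wildcard ones. The sample config and the name audit_forward_agent are constructed for illustration; Match criteria are not evaluated.

```python
import re

# Constructed sample ~/.ssh/config, not taken from the thread.
SAMPLE_CONFIG = """\
# jump box administered by someone else
Host bastion
    HostName bastion.example.org
    ForwardAgent yes

Host build-*
    forwardagent=no

Host *
    ForwardAgent yes
"""

# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE_RE = re.compile(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)")

def audit_forward_agent(text):
    """Return (line_no, host_patterns, value, is_wildcard) for each
    ForwardAgent setting that enables forwarding (anything but "no")."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to every host
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = LINE_RE.fullmatch(line)
        if not m or line.startswith("#"):
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "host":
            patterns = value.split()
        elif keyword == "match":
            patterns = ["Match " + value]  # criteria are not evaluated here
        elif keyword == "forwardagent" and value.lower() != "no":
            # A socket path or $VAR also enables forwarding, so only "no" is safe.
            wild = any(p[0] != "!" and ("*" in p or "?" in p) for p in patterns)
            findings.append((line_no, patterns, value, wild))
    return findings

if __name__ == "__main__":
    for line_no, hosts, value, wild in audit_forward_agent(SAMPLE_CONFIG):
        scope = "WILDCARD" if wild else "named host"
        print(f"line {line_no}: ForwardAgent {value} for {' '.join(hosts)} ({scope})")
```

A wildcard finding means the agent is offered to every intermediate machine you log into, not just the ones whose root user you trust.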
