On Tue Dec 28, 2004 at 09:05:38 +1100, Matthew Palmer wrote:
>On Tue, Dec 28, 2004 at 08:53:44AM +1100, Benno wrote:
>> On Tue Dec 28, 2004 at 00:10:02 +1100, Matthew Palmer wrote:
>> >On Mon, Dec 27, 2004 at 10:22:18PM +1100, Indelible wrote:
>> >> A while ago somebody mentioned in a talk that it was a really bad idea
>> >> to log into a machine via ssh and from there log into another machine
>> >> using ssh.
>> >> I don't get it. Why is this bad?
>> >
>> >3) An ssh-agent-based system is the most secure, but a sneaky root user on
>> >the intermediate machine can use your proxy to get into the far machine (and
>> >anything *else* that's accessible through your ssh-agent session). It's not
>> >as bad as 1 & 2 above, because access can only be obtained while your
>> >ssh-agent session is active on the intermediate machine, but it's still Bad
>> >Stuff.
>>
>> Wouldn't the use of agent-forwarding solve this problem?
>
>agent forwarding is what I'm talking about. Hence the term
>"ssh-agent-based".

You can be agent-based without forwarding. Of course the man page
actually describes the attack. I thought that agent forwarding might be
more sophisticated than that. (E.g: not exposing it as a socket -- of
course any root user who was suitably sophisticated could still hijack
the connection, but it would be a damn sight harder than chmod).

Oh well, still a lot better than not having agent forwarding.

In any case, all these problems are generic problems with using a
machine you don't trust, and not to do with ssh-ing from a machine you
are ssh-ed to.

Benno
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
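The thread's point is that root on any machine that receives a forwarded agent can use it, so it helps to know exactly which hosts a client config forwards to. The following is an added example, not part of the original thread: a small audit of ssh_config text using OpenSSH's first-obtained-value-wins rule. The hostnames and sample config are constructed, and Match and Include directives are not evaluated.

```python
import fnmatch

# Constructed sample client config (hostnames are placeholders).
SAMPLE_CONFIG = """\
Host bastion.example.org
    ForwardAgent no

Host *.example.org !db.example.org
    ForwardAgent yes

Host shared-box
    ForwardAgent=yes

Host *
    ForwardAgent no
"""

def host_matches(host, patterns):
    """Host line semantics: a negated match vetoes, else any positive match."""
    matched = False
    for pat in patterns:
        negated = pat.startswith("!")
        if fnmatch.fnmatchcase(host.lower(), pat.lstrip("!").lower()):
            if negated:
                return False
            matched = True
    return matched

def effective_forward_agent(config_text, host):
    """ForwardAgent value ssh would apply to host: first obtained value wins."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(host, args)
        elif key == "match":
            active = False  # simplification: Match blocks are skipped
        elif key == "forwardagent" and active and args:
            return args[0].lower()
    return "no"  # OpenSSH default

def hosts_exposing_agent(config_text, hosts):
    """Hosts whose root user could reach the forwarded agent socket."""
    return [h for h in hosts if effective_forward_agent(config_text, h) != "no"]

if __name__ == "__main__":
    targets = ["bastion.example.org", "web.example.org", "db.example.org", "shared-box"]
    print(hosts_exposing_agent(SAMPLE_CONFIG, targets))
```

Because the first value obtained wins, the trailing `Host *` block with `ForwardAgent no` does not override the earlier wildcard block that enabled forwarding.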
