On Tue, 2004-12-28 at 08:53 +1100, Benno wrote: > On Tue Dec 28, 2004 at 00:10:02 +1100, Matthew Palmer wrote: > >On Mon, Dec 27, 2004 at 10:22:18PM +1100, Indelible wrote: > >> A while ago somebody mentioned in a talk that it was a really bad idea > >> to log into a machine via ssh and from there log into another machine > >> using ssh. > >> I don't get it. Why is this bad? > > > >3) An ssh-agent-based system is the most secure, but a sneaky root user on > >the intermediate machine can use your proxy to get into the far machine (and > >anything *else* that's accessable through your ssh-agent session). It's not > >as bad as 1 & 2 above, because access can only be obtained while your > >ssh-agent session is active on the intermediate machine, but it's still Bad > >Stuff. > > Wouldn't the use of agent-forwarding solve this problem?
No. 3) is all about the weakness in agent forwarding. Your local agent will answer requests from the intermediate machine as if they were from you, so the intermediate machine if attacked can login to anything you can login into. ProxyCommand is your friend though, it lets you tunnel via other machines quite securely. Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
