[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FAS and public Key auth



On Thu May 22 2008, Mike McGrath wrote:

> You think mitm is fairly low but is it really?  Lets say, for example, you
> forward your ssh agent to this remote host.  What are the implications
> there?

When someone forwards the ssh agent to a machine, the root user of this 
machine can access it and use it to authenticate to other machines. Afaik, 
the only way to prevent this is to use "ssh-add -c" when adding the keys to 
the agent which makes the agent ask the user for permission everytime the key 
should be used for authentication.
But this is a problem that exists even when the FAS is not used by third 
parties, because an user can still forward his ssh-agent.

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]