On Thu May 22 2008, Mike McGrath wrote: > You think mitm is fairly low but is it really? Lets say, for example, you > forward your ssh agent to this remote host. What are the implications > there? When someone forwards the ssh agent to a machine, the root user of this machine can access it and use it to authenticate to other machines. Afaik, the only way to prevent this is to use "ssh-add -c" when adding the keys to the agent which makes the agent ask the user for permission everytime the key should be used for authentication. But this is a problem that exists even when the FAS is not used by third parties, because an user can still forward his ssh-agent. Regards, Till
Description: This is a digitally signed message part.