disable features

Ed Phillips ed at UDel.Edu
Thu Oct 25 05:05:56 EST 2001


On Wed, 24 Oct 2001, Peter W wrote:

> Date: Wed, 24 Oct 2001 14:10:18 -0400
> From: Peter W <peterw at usa.net>
> To: openssh-unix-dev at mindrot.org
> Subject: Re: disable features
>
> On Wed, Oct 24, 2001 at 07:24:22PM +0200, Lutz Jaenicke wrote:
> > On Wed, Oct 24, 2001 at 09:35:22AM -0400, Ed Phillips wrote:
>
> > > Also, is there any particular reason that authentication forwarding has
> > > been disabled in 2.X
>
> > > In addition, if there is some reason not to use these features (bugs,
> > > unreasonable security risks, etc.)... please let me know.
> >
> > Both X11 and agent forwarding introduce some risks. If you cannot trust
> > the admin on the server (or have to consider the system being compromised),
> > you may experience the following:
>
> > * the malicious admin could access your forwarded agent connection
>
> Also, IIRC, OpenSSH's client will attempt to use agent/keypair auth when
> initiating a new connection. This means 'ssh'/'sftp' will present your
> keypair "identity" to new servers unless explicitly asked not to do so.
>
> For privacy reasons, you may wish to hide your keypair identities unless
> needed/warranted. It's probably a good thing for users to get in the habit
> of explicitly requesting services like X11 forwarding and agent forwarding
> instead of just expecting things to "work".
>
> I guess I'm arguing that RSAAuthentication in ssh_config perhaps should
> default to "no" as well.

Yeah... I've wondered about this.  If passing your private key to the
remote side (of course, how else could RSA auth forwarding work if you
didn't) is too much of a security risk as the default behavior, while
providing no additional security (only the convenience of not having to
type in more passwords), then I'd vote to make PasswordAuthentication be
the only method tried by default.

	Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key
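
Peter's suggestion in the quoted message (forwarding and key identities as explicit opt-ins rather than defaults) can be implemented on the client side without waiting for OpenSSH's shipped defaults to change. The `~/.ssh/config` below is an added example, not from this thread or from the OpenSSH project; it uses current OpenSSH option names (the thread's `RSAAuthentication` is the protocol-1 option, the protocol-2 equivalent is `PubkeyAuthentication`), and the host names and key path are placeholders. One caveat worth keeping in mind: with agent forwarding the private key file never leaves the client, but the remote host receives a socket through which it can ask your local agent to sign on your behalf for as long as the session lasts, which is the exposure Lutz's "malicious admin" point describes, so restricting `ForwardAgent` to hosts you control is the mitigation.

```sshconfig
# Added example (not from the thread): a per-user ~/.ssh/config that makes
# the conservative settings the default and enables forwarding only for
# hosts whose administrators you trust. Option names are current OpenSSH;
# host names and the key path are placeholders.
#
# ssh_config takes the FIRST value obtained for each option, so the
# host-specific stanzas must come before the catch-all "Host *" block.

# Explicit opt-in: agent forwarding only toward a host you administer.
Host trusted.example.org
    ForwardAgent yes
    IdentityFile ~/.ssh/id_ed25519

# A server you do not want to learn your key identity at all, matching
# Peter W's "hide your keypair identities unless needed": no public-key
# offers, fall through to password authentication.
Host anonymous-sftp.example.net
    PubkeyAuthentication no

# Global defaults: no X11 or agent forwarding, and only the listed
# IdentityFile is offered (IdentitiesOnly stops ssh from presenting every
# key the agent happens to hold to every server it connects to).
Host *
    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519
    PubkeyAuthentication yes
    PasswordAuthentication yes
```

With these defaults, forwarding is requested per connection when it is actually wanted (`ssh -A host` for the agent, `ssh -X host` for X11, or `-o ForwardAgent=yes` for any option), and `ssh -G hostname` prints the effective configuration for a host so you can confirm which stanza won before connecting.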



