Dumping Keys under certain conditions (Re: ssh-agent too easy to hack)

Tim McGarry tim at mcgarry.ch
Fri Jan 18 10:20:15 EST 2002


You're not familiar with VNC, are you? (http://www.uk.research.att.com/vnc/)
I suggest you check it out; it has a few advantages over tunneling X through
SSH. I find it's really good for remote unix support via a Windoze-based
extranet client. If you lose the connection, your X sessions still exist when
you reconnect.

I'd like the key to last for the lifetime of the connection (starting as
many ssh sessions as I like). When I reconnect, reload the keys and then
again start as many SSH sessions as I like.

vncviewer on host A -> tunnelled through SSH to host B, running Xvnc and
ssh-agent -> multiple SSH connections to hosts C, D, E, F .. Z

The connection between A and B can be dropped as reqd.

Cheers

Tim




----- Original Message -----
From: "Nicolas Williams" <Nicolas.Williams at ubsw.com>
To: "Tim McGarry" <tim at mcgarry.ch>
Cc: "Andrew Stribblehill" <a.d.stribblehill at durham.ac.uk>;
<openssh-unix-dev at mindrot.org>
Sent: Thursday, January 17, 2002 11:38 PM
Subject: Re: Dumping Keys under certain conditions (Re: ssh-agent too easy to hack)


> On Thu, Jan 17, 2002 at 11:17:19PM +0100, Tim McGarry wrote:
> > I often tunnel through SSH to vnc, so dumping the keys on disconnect is
> > more interesting than looking for a screensaver. I've decided whether to
> > get SSHD (if given the environment reqd to contact ssh-agent) to tell the
> > agent to dump the keys when the forwarded port is closed. The other
> > alternative is to make the change in the vnc server.
>
> If you want your agent's keys to be one-time use then don't use
> ssh-agent at all.
>
> Nico

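The following is an added example of the setup Tim describes (vncviewer on A, tunnel to B running Xvnc and ssh-agent, ssh sessions from B onward), written for this archive page; it is not code from the thread or from OpenSSH. One long-lived agent on host B serves the Xvnc session, keys are loaded into it only while the tunnel from host A is up, and they are flushed the moment the tunnel drops, so the next reconnect starts with an empty agent and reloads them. It uses two real OpenSSH options, "ssh-agent -a" (bind the agent to a fixed socket path) and "ssh-add -t" (per-key lifetime). The socket path ~/.ssh/agent.sock, the script name tunnel-guard.sh, the host names and the key path are placeholders, and SSH_ADD / SSH_AGENT are override hooks so the logic can be exercised without a real agent.

```shell
#!/bin/sh
# tunnel-guard.sh (example, not from the thread): keep one long-lived
# ssh-agent on host B for the Xvnc session, hold keys in it only while the
# SSH tunnel from host A is up, and flush them when that tunnel goes away.
# Host names, key path, socket path and script name are assumptions.

AGENT_SOCK=${AGENT_SOCK:-$HOME/.ssh/agent.sock}  # fixed path so the VNC session and the tunnel login share one agent
SSH_ADD=${SSH_ADD:-ssh-add}                       # overridable so the guard can be run without a real agent
SSH_AGENT=${SSH_AGENT:-ssh-agent}

# Host A: build the ssh command that carries VNC display $2 (port 5900+$2) on
# host $1 and runs this guard as the remote command; the remaining args
# (lifetime, key files) go to tunnel_guard. The session ends when the tunnel does.
tunnel_cmd() {
    host=$1; port=$((5900 + $2)); shift 2
    printf 'ssh -L %s:localhost:%s %s ./tunnel-guard.sh %s\n' "$port" "$port" "$host" "$*"
}

# Host B: is the persistent agent answering on AGENT_SOCK? ssh-add -l exits 2
# when it cannot reach an agent and 1 when the agent is reachable but empty.
agent_alive() {
    SSH_AUTH_SOCK=$AGENT_SOCK "$SSH_ADD" -l >/dev/null 2>&1
    [ $? -ne 2 ]
}

# Host B, once per Xvnc session (e.g. from ~/.vnc/xstartup): start the agent
# on the fixed socket unless one is already there, and point this shell at it.
start_agent() {
    if ! agent_alive; then
        rm -f "$AGENT_SOCK"                        # stale socket left by an old agent
        "$SSH_AGENT" -a "$AGENT_SOCK" >/dev/null || return 1
    fi
    export SSH_AUTH_SOCK="$AGENT_SOCK"
}

# Host B, as the tunnel's remote command: load the keys with a lifetime (-t)
# as a backstop, then block on stdin. sshd closes our stdin when the client
# connection is gone (EOF here) and, if a pty was requested with ssh -t, also
# sends SIGHUP; either path ends in flush_keys. The Xvnc session and the ssh
# sessions already open from it to C, D, E ... keep running; only the agent's
# keys disappear, and the next tunnel reloads them.
# $1 = lifetime in ssh-add -t syntax (e.g. 8h), remaining args = key files.
tunnel_guard() {
    lifetime=$1; shift
    export SSH_AUTH_SOCK="$AGENT_SOCK"
    flush_keys() { "$SSH_ADD" -D >/dev/null 2>&1; }   # forget every identity
    trap 'flush_keys; exit 0' HUP INT TERM
    trap flush_keys EXIT
    "$SSH_ADD" -t "$lifetime" "$@" || return 1
    echo "tunnel-guard: keys loaded for $lifetime or until this tunnel closes" >&2
    while read -r line; do :; done   # wait for EOF; write nothing afterwards, the pipe is dead
    flush_keys
    return 0
}

# When executed as the script itself (rather than sourced for its functions),
# act as the remote command: bring the agent up if needed, then guard the keys.
case $0 in
    *tunnel-guard.sh) start_agent && tunnel_guard "$@" ;;
esac
```

On host A the tunnel is started with what tunnel_cmd prints, e.g. "ssh -L 5901:localhost:5901 hostB ./tunnel-guard.sh 8h .ssh/id_ed25519", and vncviewer connects to localhost:1; add -t to the ssh command if you also want SIGHUP delivered to the guard. Reconnecting runs the guard again and reloads the keys, which is the reload-on-reconnect behaviour asked for above. Nico's objection still applies while the tunnel is up: anything on host B that can reach the agent socket can use the keys for as long as they are loaded, which is what "ssh-add -c" (confirm each use) is for.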
More information about the openssh-unix-dev mailing list