ssh-add: local private keys added to forwarded agents

Dave Ryan dave at ugc.org.uk
Thu Jun 6 04:18:43 EST 2002


Darren Moffat said the following on Wed, Jun 05, 2002 at 08:55:42AM -0700, 
> >Snippet from draft-ietf-secsh-agent-00.txt:
> >
> >2. Security Considerations
> >
> >   This protocol is designed only to run as a channel of the SSH
> >   protocol.
> >
> >   The goal of this extension is to ensure that the user's private keys
> >   never leave the machine they are physically at.  Ideally the private
> >   keys should be stored on a password protected removable media such as
> >   a smartcard.
> >
> >I noticed that ssh-add will add a private key to a forwarded agent, if
> >there are no local agents started by that user - this breaks the draft
> >specification as private keys on a local host are added to an agent 
> >running on a remote host. 
> 
> Since that draft is very much a work in progress and OpenSSH doesn't
> claim compliance with it - I don't think it is fair to hold them to it.

I brought it up because I agree with what you have documented, i.e.:

   The goal of this extension is to ensure that the user's private keys
   never leave the machine they are physically at. 
   
As I said, this may or may not be cause for concern with most people, I just
thought it was strange to have local keys added to a forwarded agent, noticed
you had documented the same in the draft, so I brought it to the list as a
suggestion that the draft might be worth following in this instance. But as
you said, OpenSSH doesn't claim compliance so maybe I should have suggested it
as a feature request (that this cannot happen) rather than a half-assed bug 
report. 

> The draft at this point is a very rough cut of thoughts in my head, you
> will also note that as far as technical details it is completely content
> free in revision -00.txt.

Ok. I wouldn't remove the statement though, imho it is preferable to ensure
that private keys remain on the physical host. 

> Note also that it does say Ideally not MUST or SHOULD or any other RFC2026
> keywords.

I didn't comment on the "Ideally..." section.

Thanks for providing some clarity on the situation. 

Cheers. 

-- 
ugc Security Research
http://www.ugc.org.uk/~dave
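
The behaviour discussed in the thread (ssh-add loading a local key into whatever
agent SSH_AUTH_SOCK points at, including one forwarded from another host) can be
guarded against on the client side. The script below is an added example written
for this page, not code from the thread or from OpenSSH. It assumes two
heuristics: a locally started agent usually leaves SSH_AGENT_PID set (the usual
eval "$(ssh-agent)" pattern), and inside an SSH session SSH_CONNECTION is set
while a forwarded agent socket named agent.<pid> carries the pid of the sshd
session process. Anything the heuristics cannot classify is treated as unsafe
and ssh-add is not run.

```shell
#!/bin/sh
# Added example: refuse to run ssh-add when SSH_AUTH_SOCK looks like an
# agent forwarded from another host, so a local private key is not shipped
# to an agent running elsewhere.
#
# Assumptions (heuristics, not guarantees):
#  * a locally started agent sets SSH_AGENT_PID (eval "$(ssh-agent)");
#  * inside an SSH session SSH_CONNECTION is set, and the OpenSSH forwarded
#    socket /tmp/ssh-*/agent.<pid> names the live sshd session process.

# classify_agent SOCK AGENT_PID CONNECTION OWNER_COMM
# Prints one of: none, local, forwarded, unknown.
classify_agent() {
    sock=$1; agent_pid=$2; conn=$3; owner=$4
    if [ -z "$sock" ]; then
        echo none; return 0
    fi
    # An agent we started ourselves in this login session.
    if [ -n "$agent_pid" ]; then
        echo local; return 0
    fi
    case "$owner" in
        ssh-agent*) echo local; return 0 ;;       # agent run in the foreground
        sshd*)
            # Socket owned by sshd while we are inside an SSH session:
            # this is the forwarded channel back to another machine.
            if [ -n "$conn" ]; then echo forwarded; return 0; fi ;;
    esac
    echo unknown
}

# socket_owner_comm SOCK: best-effort name of the process whose pid appears
# in the socket name (OpenSSH agent.<pid> convention; assumption). Prints
# nothing when the pid is missing or no longer running.
socket_owner_comm() {
    pid=${1##*/agent.}
    case "$pid" in
        ''|*[!0-9]*) echo ""; return 0 ;;
    esac
    ps -o comm= -p "$pid" 2>/dev/null
}

# guarded_ssh_add [ssh-add args...]: only add keys to an agent classified
# as local; every other outcome fails closed.
guarded_ssh_add() {
    kind=$(classify_agent "$SSH_AUTH_SOCK" "$SSH_AGENT_PID" "$SSH_CONNECTION" \
                          "$(socket_owner_comm "$SSH_AUTH_SOCK")")
    case "$kind" in
        local) ssh-add "$@" ;;
        forwarded)
            echo "refusing: SSH_AUTH_SOCK points at a forwarded agent" >&2
            return 1 ;;
        none)
            echo "no agent found in SSH_AUTH_SOCK" >&2
            return 1 ;;
        *)
            echo "cannot tell whether the agent is local; not adding keys" >&2
            return 1 ;;
    esac
}
```

Use it as a shell function or alias in place of ssh-add. Because the default
case refuses, an agent started by some other mechanism (no SSH_AGENT_PID, socket
pid already gone) is reported as unknown rather than silently trusted; in that
situation the user decides, rather than the script.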