vulnerability with ssh-agent
Damien Miller
djm at mindrot.org
Thu Jul 15 08:11:56 EST 2004
Keld Jørn Simonsen wrote:
> On Wed, Jul 14, 2004 at 10:07:16PM +0200, Markus Friedl wrote:
>>of course they are in the memory (unless you
>>have a smartcard). where else?
>
> are they also stored in memory, if you use forwardagent (on the
> intermediate machine)?
No, because there is no agent running there, just sshd relaying a
connection. Use "ssh-add -c" if you are paranoid about unauthorised
agent use (I do).
> And how are they stored, has something been done to make them harder to
> retrieve from a dump?
We disable coredumps and connections from different non-root users.
Beyond that, there isn't anything we can do that isn't just obscurity.
-d
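
The two measures named in the reply above (no core dumps, and no connections from other non-root users), as an added example that is not part of the original message and is not OpenSSH source code. It assumes Linux (SO_PEERCRED); the function names disable_coredumps, uid_allowed and peer_allowed are hypothetical.

```c
#define _GNU_SOURCE           /* struct ucred / SO_PEERCRED on Linux */
#include <stdio.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Set the core-file size limit to zero so a crash cannot write key
 * material to disk. Returns 0 on success, -1 on failure. */
int disable_coredumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Policy from the message: allow root and our own uid, nobody else. */
int uid_allowed(uid_t peer, uid_t self)
{
    return peer == 0 || peer == self;
}

/* Ask the kernel who is on the other end of a Unix-domain socket.
 * Returns 1 if allowed, 0 if refused, -1 if credentials are unavailable
 * (callers should treat -1 as a refusal). */
int peer_allowed(int fd)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 ||
        len != sizeof(cred))
        return -1;
    return uid_allowed(cred.uid, geteuid());
}

int main(void)
{
    int sv[2];
    if (disable_coredumps() != 0) { perror("setrlimit"); return 1; }
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) { perror("socketpair"); return 1; }
    /* Constructed test peer: both ends belong to this process. */
    printf("same-user peer allowed: %d\n", peer_allowed(sv[0]));
    close(sv[0]); close(sv[1]);
    return 0;
}
```

Neither check stops root or the same user from reading the process's memory, which is the limit the reply describes.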