vulnerability with ssh-agent

Keld Jørn Simonsen keld at dkuug.dk
Sun Jul 18 07:14:22 EST 2004


Hi,

Thanks for all your help on this.

I tried out the ssh-add -c option, and well, it was a bit of a surprise.
When later I used ssh to connect to a remote site, I was asked to enter
the passphrase. Well, I should not really be surprised, but my whole
exercise is to avoid typing in passwords, as this is easy for a
keylogger to pick up. 

So would it not be more secure if there only was a kind of "yes"
answer to be given? And also that the asking of the confirmation should
be done by ssh-agent, not by ssh. I am not sure if that is done now.

Best regards
keld




More information about the openssh-unix-dev mailing list