Potential DoS against forwarded ssh-agent

Daniel Kahn Gillmor dkg-openssh.com at fifthhorseman.net
Thu Jan 6 15:10:08 EST 2005


Thanks for the followup, Damien!

On January 6, djm at mindrot.org said:

 > I don't really think that this is a problem - if an attacker has access
 > to a ssh-agent socket, then clearing your keys or locking the agent are
 > about the kindest things they can do for you.

I agree -- there are definitely worse things an attacker could do,
like authenticating without your permission.  But OpenSSH already has
a defense against this kind of attack: use -c with ssh-add, and you
will be protected by an ssh-askpass confirmation.

The proposed patch attempts to add an analogous defense against a
different (admittedly less severe) attack which is un-defendable in
the current implementation.

It seems like you ought to be able to be alerted about any form of
remote tampering, even if the only thing it results in is a
denial-of-service.  Or am I overlooking some other form of attack in
this analysis that swamps all other considerations?

	--dkg




More information about the openssh-unix-dev mailing list