ssh-agent use in different security domains
saku at ytti.fi
Tue Oct 25 21:48:52 EST 2011
On 25 October 2011 13:28, Damien Miller <djm at mindrot.org> wrote:
> to another host. The risk comes in when you _forward_ your agent to a
> potentially-untrustworthy server. If you aren't forwarding your agent
> then you don't need to worry.
Quite. I desire to connect from domain1-server1 to domain1-server2
and from domain2-server1 to domain2-server2, so forwarding is needed.
> If you are forwarding your agent, then right now we don't have any way to
> limit key visibility. To do this we'd need to either build it into
> ssh-agent or into ssh itself.
Maybe 'ssh-add -c' is something I want (otoh it should prompt always?
Which would be annoying. But I couldn't get it working). I'd really prefer
.ssh/known_hosts style, like .ssh/agent_db, where agent would remember
when it is allowed to sign.
> alleviated somewhat if the agent code were in a library that is shared
> by ssh-add / ssh and possibly ssh-agent - I've made a small start towards
> this on the plane back from EuroBSDCon, but it will be a while before it
> is ready.
That's good news, hope it pans out. Just to verify that I'm not missing
something obvious. As I understand, this is a fairly typical usage scenario.
How are other people addressing this?