ssh-agent use in different security domains
Saku Ytti
saku at ytti.fi
Tue Oct 25 22:26:54 EST 2011
On 25 October 2011 14:15, Damien Miller <djm at mindrot.org> wrote:
> Well, you can run multiple agents listening at specified sockets using
> ssh-agent's -a option and switch between them manually by resetting
> SSH_AUTH_SOCK. There isn't any automated way at present.
Quite high overhead, I'm going to assume that people just generally take
the risk.
I talked with my non-c-challenged coworker about this issue, and he said
he'd write patch for ssh-agent to query for permission to sign. But after few
minutes of looking into ssh, he told me that ssh-agent does not know who
is asking for the signing. Which means we'd need larger change to ssh, and
I doubt upstream would accept the patch :/.
--
++ytti
More information about the openssh-unix-dev
mailing list