ssh-agent use in different security domains
saku at ytti.fi
Thu Oct 27 05:56:47 EST 2011
On 26 October 2011 21:42, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> Quite. I desire to connect from domain1-server1 to domain1-server2
>> and from domain2-server1 to domain2-server2, so forwarding is needed.
> To be clear: agent forwarding is *not* needed in this scenario, and in
> fact it is discouraged.
> But this connection is good:
> ssh -oProxyCommand='ssh -W %h:%p monkey.example' banana.example
Let's assume banana lives in domain2.
Help me understand. How does this help? If you login to banana with
ssh-agent, can't banana hijack my session and use /any/ key I have in
ssh-agent to ssh in domain1 servers?
I.e. my understanding is that regardless of how the transport in transit is, the
ultimate machine must be trusted with /all/ keys my ssh-agent has
And my desire is, to only trust ultimate transit with single key in my
ssh-agent, so ultimate destinations can belong to multiple security
Optimally I'd like to see
'sign request for identity domain1-key from localhost < domain1 < domain2'
Now I'd know that domain2 (or banana) has hijacked my session and is
trying to jump to domain1 servers. Which I'd then forbid ssh-agent from doing.
But this of course is not possible, as ssh-agent has no idea who wants it to
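The configuration below is an added illustration, not part of the original post or thread, of the defensive setup the reply recommends: hop through a bastion with `ProxyCommand ssh -W` instead of forwarding the agent, and pin each domain to its own key with `IdentitiesOnly` so a compromised host in domain2 never even sees the domain1 identity offered. All host names and key paths (`*.domain1.example`, `*.domain2.example`, `bastion1.domain1.example`, `~/.ssh/id_domain1`, `~/.ssh/id_domain2`) are assumed placeholders.

```sshconfig
# ~/.ssh/config  -- added example, host names and key paths are assumed placeholders

# Default for every host: never hand the agent socket to the remote side.
# With ForwardAgent off, a hijacked session on banana cannot ask the agent
# to sign for any key at all, which is the concern raised in the post.
Host *
    ForwardAgent no
    IdentitiesOnly yes

# Security domain 1: only its own key is offered, nothing else in the agent.
Host *.domain1.example
    IdentityFile ~/.ssh/id_domain1

# Security domain 2: jump through its bastion with -W (a TCP forward only),
# so the bastion relays bytes but never holds keys or an agent socket.
Host *.domain2.example
    IdentityFile ~/.ssh/id_domain2
    ProxyCommand ssh -W %h:%p bastion2.domain2.example

Host bastion2.domain2.example
    IdentityFile ~/.ssh/id_domain2
    ProxyCommand none
```

`IdentitiesOnly yes` is what actually narrows the trust: without it, ssh still offers every key the agent holds to each server, so a server in domain2 could learn which domain1 public keys exist. If agent forwarding cannot be avoided, the closest available answer to the "confirm each sign request" wish in the post is `ssh-add -c`, which makes the agent prompt (via ssh-askpass) before every use of that key, although the prompt does not tell you which remote host originated the request.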