ssh-agent use in different security domains

Saku Ytti saku at
Thu Oct 27 07:14:18 EST 2011

2011/10/26 Ángel González <keisial at>:

> Only your ssh program instance can talk with your ssh-agent, because it
> is running locally. Without agent forwarding, programs on the other host
> can't connect to your agent, much less use your keys.

Quite, but question here is, when you need to have ssh-agent in two different
security domains. How do to do it.

Right now my solution seems to be that the higher security domain (domain1)
I'll add with ssh-add -c and the less secure I can add normally (I don't care
if domain1 evil admin hijacks and jumps to domain2 as me).

To decrease annoyance of constant prompt, I'll use ControlMaster for domain1.

It's not optimal solution, but it's something that can be done today.

Optiomal solution will inform ssh-agent who exactly is requesting the signing,
so user can decide if it's expected/allowed or not.


More information about the openssh-unix-dev mailing list