ssh-agent use in different security domains
Damien Miller
djm at mindrot.org
Thu Oct 27 11:08:10 EST 2011
On Wed, 26 Oct 2011, Daniel Kahn Gillmor wrote:
> On 10/26/2011 03:15 PM, Saku Ytti wrote:
> > If there is usage scenario for ForwardAgent, there is usage scenario for
> > ForwardAgent in multiple security domains.
>
> I suppose i'm arguing right now that the only legitimate usage scenario
> for ForwardAgent is when the user doesn't understand how to use
> ProxyCommand for a jumphost.
>
> I'd rather streamline the jumphost case than add extra cruft that might
> encourage users to forward their agent.
>
> If someone can propose a legitimate situation where agent forwarding is
> needed, i'd like to hear about it.
Yeah, agent forwarding predates stdio forwarding by more than a decade.
I don't have time to write it, but a good explanation and HOWTO seems in
order.
-d
More information about the openssh-unix-dev
mailing list