Unable to use ssh-agent with confirmation, when logged in on a virtual terminal
Johannes Kastl
mail at ojkastl.de
Wed Nov 5 22:26:02 EST 2014
Hi Eldon,
thanks for your answer.
On 5 November 2014 08:37:54 CET, Eldon Koyle <ekoyle at gmail.com> wrote:
>I think perhaps you are misunderstanding the '-c' option of ssh-add.
Yeah, perhaps I do.
>The -c option is meant as an additional barrier to someone hijacking
>your agent (ie. if someone gains access as your user, they will be
>unable to use your key if they don't also have access to your X
>session).
I mostly found this option mentioned in connection with agent forwarding, and that's the use case I have.
The benefit being that no one can use the 'forwarded' key/identity, unless I confirm it. So me forwarding my identity to a server getting hacked does not compromise security.
Of course it's more comfortable if it's a window popping up. But what if the forwarding, safe, machine is a machine without X? Maybe this use case was not intended and thus does not work.
Funny that my first tests with the -c option ran exactly into that corner case...
>One purpose of the ssh agent is to avoid having to type in your
>passphrase as often.
But why is just clicking a button enough to confirm the use? I would have thought that each use has to be confirmed by the passphrase.
So many questions... ;-)
Regards,
Johannes
--
This mail has been sent from my mobile phone. Please excuse the briefness.
This mail is not signed cryptographically.
More information about the openssh-unix-dev mailing list