Is there any solution, or even work on, limiting which keys gets forwarded where?
Peter Stuge
peter at stuge.se
Sat Oct 17 01:33:37 AEDT 2015
hubert depesz lubaczewski wrote:
> > Another approach, if you find you must forward your agent, is to load
> > all keys in your agent with confirmation prompt required (ssh-add -c)
> > so that your local machine is still in control of when the different
> > keys get used.
>
> Yeah, but that will (from what I understand from man) re-ask for my
> password, which is highly impractical given the above passphrase
> situation.
You should try it out. No, the agent on your client only asks for
confirmation to use the key (enter=yes, type anything+enter=no)
not for the passphrase.
//Peter
More information about the openssh-unix-dev
mailing list