Agent Forwarding Anomalies on OpenBSD 3.3/OpenSSH 3.6.1
eric-list-openssh at catastrophe.net
Sat Sep 13 02:17:30 EST 2003
On Fri, 2003-09-12 at 08:28:46 -0500, Ben Lindstrom proclaimed...
> In this case your global ssh_config and personal ssh_config would be
> more interesting.
Ok, I forgot to send that along. Basically, it's the same on all
> This is called Agent forwarding.
> man ssh_config
> Specifies whether the connection to the authentication agent (if
> any) will be forwarded to the remote machine. The argument must
> be ``yes'' or ``no''. The default is ``no''.
> Agent forwarding should be enabled with caution. Users with the
> ability to bypass file permissions on the remote host (for the
> agent's Unix-domain socket) can access the local agent through
> the forwarded connection. An attacker cannot obtain key material
> from the agent, however they can perform operations on the keys
> that enable them to authenticate using the identities loaded into
> the agent.
> > debug1: channel 0: request pty-req
> > debug1: Requesting authentication agent forwarding.
> > debug1: channel 0: request auth-agent-req@openssh.com
Yes, but do you have any idea why it would work on one host and
not the others?
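
An added example, not part of the original message and not OpenSSH code: a minimal Python model of how ssh resolves ForwardAgent for a given host from the personal and global ssh_config files (the first value obtained wins, and the user file is read before the system-wide one), so the effective setting can differ from host to host. The sample configs, host names and function names are constructed for illustration; Match blocks and negated patterns are not handled.

```python
import fnmatch
import re

# Constructed sample files, not taken from the thread.
USER_CONFIG = """\
Host bastion.example.org
    ForwardAgent yes
Host *
    ForwardAgent no
"""
GLOBAL_CONFIG = """\
Host *
    ForwardAgent=yes
"""

def parse(text):
    """Yield (host_patterns, keyword, value); options before any Host line apply to all hosts."""
    patterns = ["*"]
    for raw in text.splitlines():
        m = re.match(r"([^\s=#]+)\s*=?\s*(.+)", raw.strip())
        if not m:
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            patterns = value.split()
        else:
            yield patterns, key, value

def host_matches(host, patterns):
    # Simplification: fnmatch also accepts [..] classes, which ssh patterns do not.
    return any(fnmatch.fnmatchcase(host, p) for p in patterns)

def effective_forward_agent(host, *configs):
    """configs in the order ssh reads them (user file first, then system-wide).
    The first value obtained wins; the documented default is "no"."""
    for text in configs:
        for patterns, key, value in parse(text):
            if key == "forwardagent" and host_matches(host, patterns):
                return value.lower()
    return "no"

def wildcard_forwarding(text):
    """Host patterns with wildcards under which agent forwarding is switched on."""
    return [p for pats, key, value in parse(text)
            if key == "forwardagent" and value.lower() == "yes"
            for p in pats if "*" in p or "?" in p]
```

Running `wildcard_forwarding` over each config file flags the case the manual text warns about: forwarding enabled for every host rather than for the few that need it.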