vulnerability with ssh-agent
Keld Jørn Simonsen
keld at dkuug.dk
Sun Jul 18 07:14:22 EST 2004
Hi,
Thanks for all your help on this.
I tried out the ssh-add -c option, and well, it was a bit of a surprise.
When later I used ssh to connect to a remote site, I was asked to enter
the passphrase. Well, I should not really be surprised, but my whole
exercise is to avoid typing in passwords, as this is easy for a
keylogger to pick up.
So would it not be more secure if there only was a kind of "yes"
answer to be given? And also that the asking of the confirmation should
be done by ssh-agent, not by ssh. I am not sure if that is done now.
Best regards
keld
More information about the openssh-unix-dev
mailing list