vulnerability with ssh-agent

Damien Miller djm at mindrot.org
Mon Jul 19 07:47:32 EST 2004


Keld Jørn Simonsen wrote:
> Yes, that was true, and I installed gnome-ssh-askpass and set the shell
> variable. Then it worked. But, but. I would like that it was not ssh
> that initiated this verification, instead it should be ssh-agent.
> And ssh should not default to asking for key/passwd, when programs are
> not found, it should be the job of ssh-agent IMHO.

You have this completely wrong. When ssh-agent is improperly configured
(e.g. no $DISPLAY environment variable set when it is run) then it will
always refuse requests to use any keys it may have loaded with the
confirm option on. ssh will fall back to trying the keys in ~/.ssh
directly.

> A scenario: somebody has cracked my password, and can log in as a
> normal user on my home server over the internet. With an open ssh-agent he
> can log in further to my other servers. If it was the ssh-agent's job to
> ask for the confirmation then I would get a notice at my X window and I
> would not grant the intruder.  That would mean that ssh-agent at some
> time would get the information that a specific ssh-askpass program
> should be used. Maybe this would be at launch time of ssh-agent, maybe
> that would be when invoking ssh-add -c (or what option this feature
> should have).

This is what happens now. Please read and understand the manpages.

-d
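
The configuration dependency described in the reply above, as an added example that is not part of the original message or of OpenSSH: a shell preflight to run in the environment that will start ssh-agent, before loading keys with ssh-add -c. The function names are hypothetical, and requiring an explicit SSH_ASKPASS is an assumption of this example.

```shell
#!/bin/sh
# Added example: preflight for confirm-on-use keys (ssh-add -c).
# Run it in the environment that will start ssh-agent, since the agent is
# what launches the askpass dialog. Function names are hypothetical.

# Exit status: 0 ready, 1 no DISPLAY, 2 no askpass named, 3 askpass not runnable.
agent_confirm_preflight() {
    if [ -z "${DISPLAY:-}" ]; then
        echo "DISPLAY unset: agent cannot show a confirmation dialog" >&2
        return 1
    fi
    # Assumption of this example: insist on an explicit SSH_ASKPASS rather
    # than rely on the build's default askpass path, which varies.
    if [ -z "${SSH_ASKPASS:-}" ]; then
        echo "SSH_ASKPASS unset: name the askpass program explicitly" >&2
        return 2
    fi
    if [ ! -x "$SSH_ASKPASS" ]; then
        echo "SSH_ASKPASS=$SSH_ASKPASS is not executable" >&2
        return 3
    fi
    return 0
}

# Print the private key files in a directory (default ~/.ssh) that ssh can
# try directly when the agent refuses, so confirmation does not cover them.
fallback_keys() {
    dir=${1:-"$HOME/.ssh"}
    for name in identity id_rsa id_dsa id_ecdsa id_ed25519; do
        if [ -f "$dir/$name" ]; then
            echo "$dir/$name"
        fi
    done
}

# Typical use before starting the agent:
#   agent_confirm_preflight && eval "$(ssh-agent -s)" && ssh-add -c
#   fallback_keys    # review which on-disk keys bypass confirmation
```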



