Connection caching?
Damien Miller
djm at mindrot.org
Tue May 4 12:09:20 EST 2004
Jefferson Ogata wrote:
> Um, I feel like you're missing the point. I can prevent users from using
> ssh-agent by not providing the binary and by not giving them write access to any
> exec filesystem. I can also require authentication mechanisms on the server side
> that ssh-agent cannot answer, e.g. one-time passwords. The mechanism under
> discussion is not amenable to any of these controls. Once someone authenticates
> once, if that user's remote session is compromised, the intruder can piggyback
> over any established ssh connection and there is absolutely no way I can force
> the intruder to authenticate. Do you understand? You're advocating a mechanism
> that renders one-time passwords useless against a remote client compromise.
You miss the point: these controls are useless now, if they depend on
the integrity of an uncontrolled client.
> That's fine for you, but not for me: I need to be able to turn that off on the
> ssh server.
So write a patch.
-d
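As an added example that is not part of the thread: the server cannot force a piggybacked session to re-authenticate, but it can see one. sshd logs one "Accepted ..." line per authentication and, at LogLevel VERBOSE, one "Starting session: ..." line per session opened on that connection, so a connection that carries several sessions after a single authentication is exactly the case Ogata describes. The script below counts sessions per (user, address, port) tuple and flags connections with more than one. The log lines are constructed for this example, the message formats are an assumption about the reader's sshd version, and the feature under discussion is assumed to be what released OpenSSH calls ControlMaster/ControlPath.

```python
"""Flag SSH connections that carried more than one session on one authentication.

Added example, not code from the openssh-unix-dev thread or from OpenSSH.
Log lines below are constructed; the "Accepted" and "Starting session"
formats are assumptions modeled on sshd's VERBOSE-level output.
"""
import re
from collections import defaultdict

# One line per successful authentication.
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<addr>\S+) port (?P<port>\d+)"
)
# One line per session (shell, command or subsystem) opened on a connection.
SESSION_RE = re.compile(
    r"Starting session: (?P<kind>.+?) for (?P<user>\S+) from (?P<addr>\S+) port (?P<port>\d+)"
)

# Constructed sample: alice authenticates once with keyboard-interactive (an
# OTP-style method) and then three sessions ride the same connection; bob
# opens a single session.
LOG = """\
May  4 12:01:02 bastion sshd[4120]: Accepted keyboard-interactive/pam for alice from 192.0.2.10 port 51234 ssh2
May  4 12:01:02 bastion sshd[4120]: Starting session: shell on pts/3 for alice from 192.0.2.10 port 51234 id 0
May  4 12:07:45 bastion sshd[4120]: Starting session: command for alice from 192.0.2.10 port 51234 id 1
May  4 12:09:10 bastion sshd[4120]: Starting session: subsystem 'sftp' for alice from 192.0.2.10 port 51234 id 2
May  4 12:10:00 bastion sshd[4188]: Accepted password for bob from 198.51.100.7 port 40022 ssh2
May  4 12:10:00 bastion sshd[4188]: Starting session: shell on pts/4 for bob from 198.51.100.7 port 40022 id 0
"""


def find_multiplexed(lines):
    """Return {(user, addr, port): [session kinds]} for every connection
    that opened more than one session. A TCP connection is authenticated
    exactly once, so extra sessions never triggered a new authentication."""
    auths = defaultdict(int)
    sessions = defaultdict(list)
    for line in lines:
        m = ACCEPTED_RE.search(line)
        if m:
            auths[(m["user"], m["addr"], m["port"])] += 1
            continue
        m = SESSION_RE.search(line)
        if m:
            sessions[(m["user"], m["addr"], m["port"])].append(m["kind"])
    return {key: kinds for key, kinds in sessions.items() if len(kinds) > 1}


def authentication_count(lines, key):
    """Number of "Accepted" lines seen for a (user, addr, port) connection."""
    n = 0
    for line in lines:
        m = ACCEPTED_RE.search(line)
        if m and (m["user"], m["addr"], m["port"]) == key:
            n += 1
    return n


if __name__ == "__main__":
    for (user, addr, port), kinds in find_multiplexed(LOG.splitlines()).items():
        print(f"{user} from {addr}:{port}: {len(kinds)} sessions, "
              f"{authentication_count(LOG.splitlines(), (user, addr, port))} authentication(s)")
        for k in kinds:
            print(f"  - {k}")
```

Two caveats. A single client may legitimately open several channels on one connection (a shell plus an sftp subsystem, for instance), so this is a lead to investigate, not proof of compromise. And later OpenSSH releases did add the server-side control asked for above: the sshd_config option MaxSessions, set to 1, limits each connection to one session, which is what "turn that off on the ssh server" amounts to.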