OpenSSH daemon security bug?

Davi Diaz davi at leals.com
Thu Jan 7 08:45:18 EST 2010


Jamie Beverly wrote:
> Agent forwarding is a good thing in most cases. It prevents you from having
> to copy private keys around, but they do certainly have risks. If you
> forward your agent to a host with root users you do not trust (perhaps via
> privilege escalation), they will indeed be able to use your agent for the
> duration you remain connected.
>
> They will not be able to obtain your keys, or be able to continue using
> your keys once you have disconnected (or locked your agent). They have
> never taken your authentication token itself.

I see the private key is never transferred, even if we use "ssh -A".

Just the connection with the new host is started with the help of the original 
ssh client where the private key is.  Could you point me to the source code, the 
file or function which starts such an operation?

> Compare this with the risk of connecting to a host with untrusted root
> users and entering a password. Here, your authentication token itself
> has been harvested, and when you disconnect, they still possess it, and
> can continue to use it.   


More information about the openssh-unix-dev mailing list
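
The behaviour discussed in this thread, as an added example that is not part of the original message and is not OpenSSH code: a toy agent (`ToyAgent`, `sign_request` and all sample values are hypothetical) that speaks the ssh-agent packet framing with the protocol's message numbers. HMAC-SHA256 stands in for the public-key signature a real agent produces; the point is that a host at the far end of a forwarded agent can only submit sign requests and read back signatures, and that a locked agent refuses them.

```python
import hashlib, hmac, struct
# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE, SSH_AGENT_SUCCESS, SSH_AGENTC_LOCK, SSH_AGENTC_UNLOCK = 5, 6, 22, 23
SSH_AGENTC_SIGN_REQUEST, SSH_AGENT_SIGN_RESPONSE = 13, 14

def sstr(b):                       # SSH "string": uint32 length + bytes
    return struct.pack(">I", len(b)) + b
def frame(msg_type, body=b""):     # agent packet: uint32 length, type byte, body
    return sstr(bytes([msg_type]) + body)
def sign_request(key_blob, data, flags=0):
    return frame(SSH_AGENTC_SIGN_REQUEST,
                 sstr(key_blob) + sstr(data) + struct.pack(">I", flags))

def read_strings(body, count):     # parse `count` leading SSH strings
    out, off = [], 0
    for _ in range(count):
        (ln,) = struct.unpack_from(">I", body, off)
        if off + 4 + ln > len(body):
            raise ValueError("truncated string")
        out.append(body[off + 4:off + 4 + ln])
        off += 4 + ln
    return out

class ToyAgent:
    """Stays on the user's machine; a forwarded host only sees handle() I/O."""
    def __init__(self, key_blob, secret):
        self.key_blob, self._secret, self._lock_pw = key_blob, secret, None
    def handle(self, packet):
        try:
            (ln,) = struct.unpack_from(">I", packet)
            if ln < 1 or ln != len(packet) - 4:
                raise ValueError("bad frame length")
            kind, body, locked = packet[4], packet[5:], self._lock_pw is not None
            if kind == SSH_AGENTC_LOCK and not locked:
                (self._lock_pw,) = read_strings(body, 1)
                return frame(SSH_AGENT_SUCCESS)
            if kind == SSH_AGENTC_UNLOCK and locked:
                (pw,) = read_strings(body, 1)
                if hmac.compare_digest(pw, self._lock_pw):
                    self._lock_pw = None
                    return frame(SSH_AGENT_SUCCESS)
            if kind == SSH_AGENTC_SIGN_REQUEST and not locked:
                blob, data = read_strings(body, 2)   # trailing flags ignored
                if blob == self.key_blob:            # HMAC stands in for a signature
                    sig = hmac.new(self._secret, data, hashlib.sha256).digest()
                    return frame(SSH_AGENT_SIGN_RESPONSE, sstr(sig))
        except (struct.error, ValueError):
            pass
        return frame(SSH_AGENT_FAILURE)
```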