FAS and public Key auth
Till Maas
opensource at till.name
Thu May 22 13:59:27 UTC 2008
On Thu May 22 2008, Mike McGrath wrote:
> You think mitm is fairly low but is it really? Let's say, for example, you
> forward your ssh agent to this remote host. What are the implications
> there?
When someone forwards the ssh agent to a machine, the root user of this
machine can access it and use it to authenticate to other machines. AFAIK,
the only way to prevent this is to use "ssh-add -c" when adding the keys to
the agent, which makes the agent ask the user for permission every time the key
should be used for authentication.
But this is a problem that exists even when the FAS is not used by third
parties, because a user can still forward his ssh-agent.
Regards,
Till
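
Added example (not part of the message above): a shell function that audits an ssh client config for blocks that enable agent forwarding, the setting that lets root on the remote machine use the forwarded agent. The host names and the sample config are constructed; the audit works per block and does not follow Include directives or emulate ssh's first-match-wins resolution.

```shell
#!/bin/sh
# Added example. Lists the Host/Match blocks of an ssh client config that
# enable agent forwarding. Any ForwardAgent value other than "no" forwards
# the agent (OpenSSH also accepts a socket path or a $VARIABLE name).
# Reads the files given as arguments, or stdin when there are none.
forwarding_blocks() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # strip indentation
            if (line == "" || line ~ /^#/) next # blank line or comment
            n = match(line, /[ \t=]+/)          # keyword/argument separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
        }
        key == "host" || key == "match" {
            block = (key == "host" ? "Host " : "Match ") val
            next
        }
        key == "forwardagent" && tolower(val) != "no" {
            label = (block == "") ? "(global)" : block
            print label ": ForwardAgent " val
        }
    ' "$@"
}

# Constructed sample config with hypothetical host names.
sample_config() {
    cat <<'EOF'
# global default
ForwardAgent no

Host build.example.org
    User till
    ForwardAgent yes

Host *.internal.example
    forwardagent=$SSH_AUTH_SOCK

Host bastion.example.org
    ForwardAgent no
EOF
}

sample_config | forwarding_blocks
```

For hosts that do need forwarding, loading the key with "ssh-add -c" as described in the message makes the agent ask for confirmation on each use.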
More information about the Fedora-infrastructure-list
mailing list