On Thu, 22 May 2008, brett lentz wrote:

> IMO, a good starting point for those requirements would be:
>
> 1. system runs Fedora/RHEL
> 2. system has selinux enabled and enforcing.
> 3. system uses an acceptable update schedule.
> 4. system's admins are known, and willing to be available when we need
> to contact them (within a reasonable set of hours)
> 5. the system's admins document their policy for providing root access
> to their system. this allows us to do some risk analysis.
> 6. we should be able to quickly and easily revoke the system's access to Fedora.
>

That's the problem though, there's no way for us to enforce that in any way without regularly checking in, etc. What if they're not compliant and for how long? I think this policy should be simple or non-existent at all. If we can't reliably say that ssh-key based auth to remote machines is a no-risk operation for us, then we shouldn't do it.

>
> The implications for ssh-agent are fairly simple. Your private key
> still never touches the wire or the remote systems. SSH-Agent forwards
> the auth challenges to the local system you're logging in from.
>
> Here's a great diagram of the process:
> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd
>

I know your private key doesn't touch the wire or remote system. But the agent creates a socket in /tmp/ssh-* and I'm worried someone with access to that socket could auth to other machines as the user.

-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
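
Added example, not part of the original thread: a Python audit an admin could run on a host that accepts forwarded agents, checking the permissions on the /tmp/ssh-* socket the message is concerned about. The `agent.*` file name inside that directory and the function name `audit_agent_sockets` are assumptions, not taken from the thread.

```python
import glob
import os
import stat


def audit_agent_sockets(base="/tmp"):
    """Return [(socket_path, owner_uid, [problems])] for agent sockets under base.

    Assumed layout: <base>/ssh-*/<socket file>, as described in the thread.
    An empty problem list only rules out other unprivileged users. Root on
    the host, and any process running as the owning uid, can still connect
    to the socket and request signatures while the forwarding session lasts.
    """
    findings = []
    for directory in sorted(glob.glob(os.path.join(base, "ssh-*"))):
        try:
            dir_stat = os.lstat(directory)
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # unreadable to us: the directory permissions are working
        if not stat.S_ISDIR(dir_stat.st_mode):
            continue  # skip symlinks planted under the ssh-* name
        for name in names:
            path = os.path.join(directory, name)
            try:
                sock_stat = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISSOCK(sock_stat.st_mode):
                continue
            problems = []
            if dir_stat.st_mode & 0o077:
                problems.append("directory open to group/other")
            if sock_stat.st_mode & 0o077:
                problems.append("socket open to group/other")
            if dir_stat.st_uid != sock_stat.st_uid:
                problems.append("directory and socket owners differ")
            findings.append((path, sock_stat.st_uid, problems))
    return findings


if __name__ == "__main__":
    for path, uid, problems in audit_agent_sockets():
        print(path, "uid=%d" % uid, "; ".join(problems) or "owner-only")
```

Run it as root to see every user's socket; as an ordinary user it reports only the sockets that user is able to list.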