On Thu, May 22, 2008 at 8:19 AM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote:
> On Thu, 22 May 2008, brett lentz wrote:
>>
>> The implications for ssh-agent are fairly simple. Your private key
>> still never touches the wire or the remote systems. SSH-Agent forwards
>> the auth challenges to the local system you're logging in from.
>>
>> Here's a great diagram of the process:
>> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd
>>
>
> I know your private key doesn't touch the wire or remote system. But the
> agent creates a socket in /tmp/ssh-* and I'm worried someone with access
> to that socket could auth to other machines as the user.

Yes, that's a well-known risk. The only protections on that socket are
filesystem-level permissions, which root can obviously bypass. The only
mechanism I'm aware of that could revoke root's ability to access that file
is SELinux. However, current policy still allows root to do whatever he likes.

I don't think it's possible to dictate a "don't use ssh-agent" policy. That
seems unenforceable.

This is where I come back to the assurance bit. As you said, that can get a
bit complicated and hard to manage on systems that aren't ours.

> -Mike
>

---Brett.

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
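As an added example (not code from the thread, from Fedora Infrastructure, or from OpenSSH), here is the concern in working form: a client that speaks the ssh-agent protocol over the Unix socket and lists the loaded keys, which is what `ssh-add -l` does over `SSH_AUTH_SOCK`, plus a constructed stand-in agent so it runs offline, and an audit of the only protection the socket has, its Unix permissions. It goes a little beyond the thread by showing the wire format of the identities request and answer. The key type, comment and zeroed key material are made up; the message numbers are the real ones from the ssh-agent protocol.

```python
import os, socket, stat, struct, tempfile, threading

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def _string(b):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf

def _take_string(data, off):
    (length,) = struct.unpack(">I", data[off:off + 4])
    return data[off + 4:off + 4 + length], off + 4 + length

def agent_list_identities(sock_path):
    """Client side of `ssh-add -l`: anyone who can open the socket can do this."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(sock_path)
        s.sendall(_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
        (length,) = struct.unpack(">I", _read_exact(s, 4))
        msg = _read_exact(s, length)
    if msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("agent replied with message type %d" % msg[0])
    (count,) = struct.unpack(">I", msg[1:5])
    off, keys = 5, []
    for _ in range(count):
        blob, off = _take_string(msg, off)     # public key blob
        comment, off = _take_string(msg, off)  # free-text comment
        key_type, _ = _take_string(blob, 0)    # blob starts with its type name
        keys.append((key_type.decode(), comment.decode()))
    return keys

def start_fake_agent(sock_path, identities):
    """Constructed stand-in for ssh-agent: answers one identities request."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o077)  # as ssh-agent does: group/other get no bits
    srv.bind(sock_path)
    os.umask(old_umask)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            (length,) = struct.unpack(">I", _read_exact(conn, 4))
            req = _read_exact(conn, length)
            if req[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                body = bytes([SSH_AGENT_IDENTITIES_ANSWER])
                body += struct.pack(">I", len(identities))
                for key_type, comment in identities:
                    # Placeholder key material; a real blob holds the public key.
                    blob = _string(key_type.encode()) + _string(b"\x00" * 32)
                    body += _string(blob) + _string(comment.encode())
            else:
                body = bytes([SSH_AGENT_FAILURE])
            conn.sendall(_string(body))
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return t

def audit_agent_socket(sock_path):
    """Permissions are the whole defence, so check them. Root still gets in."""
    st, dst = os.lstat(sock_path), os.stat(os.path.dirname(sock_path))
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    if st.st_mode & 0o077:
        findings.append("socket accessible to group or other")
    if dst.st_mode & 0o077:
        findings.append("directory accessible to group or other")
    return findings

def demo():
    tmp = tempfile.mkdtemp(prefix="ssh-")  # 0700 dir, like /tmp/ssh-XXXXXXXXXX
    sock_path = os.path.join(tmp, "agent.%d" % os.getpid())
    server = start_fake_agent(sock_path, [("ssh-ed25519", "alice@laptop")])
    try:
        keys = agent_list_identities(sock_path)  # what an intruder would see
        findings = audit_agent_socket(sock_path)
        server.join(5)
    finally:
        os.unlink(sock_path)
        os.rmdir(tmp)
    return keys, findings
```

On a real host the same thing is `SSH_AUTH_SOCK=/tmp/ssh-XXXXXXXXXX/agent.NNNN ssh-add -l` run as root, and a sign request works the same way, which is why a forwarded agent should be treated as loaned to whoever is root on the remote box. The practical limits are `ssh-add -c`, which makes the local agent ask for confirmation on every use (it needs ssh-askpass), keeping `ForwardAgent no` in ssh_config and enabling it only per host, and for hop hosts using `ssh -J` (ProxyJump), which never exposes the agent to the intermediate machine.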