On Thu, 22 May 2008, Jeremy Katz wrote: > On Thu, 2008-05-22 at 08:41 -0700, brett lentz wrote: > > On Thu, May 22, 2008 at 8:19 AM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: > > > On Thu, 22 May 2008, brett lentz wrote: > > >> The implications for ssh-agent is fairly simple. Your private key > > >> still never touches the wire or the remote systems. SSH-Agent forwards > > >> the auth challenges to the local system you're logging in from. > > >> > > >> Here's a great diagram of the process: > > >> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd > > >> > > > > > > I know your private key doesn't touch the wire or remote system. But the > > > agent creates a socket in /tmp/ssh-* and I'm worried someone with access > > > to that socket could auth to other machines as the user. > > > > Yes, that's a well-known risk. The only protections on that socket are > > filesystem-level permissions, which root can obviously bypass. > > And the risk isn't increased by us allowing third-party groups to do > auth via FAS. This risk is present whenever any user logs in to another > machine with agent forwarding. Which is requested by the user/client -- > not the machine being logged into > The risk does increase as far as targeting goes though. If you were to do this type of attack right now, how would you go about doing it and what machines would you use? If we start allowing third party machines that have basically no barrier to entry it becomes much easier to plan and execute the attack. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
