On Fri, Oct 07, 2011 at 09:30:00AM -0600, Kevin Fenzi wrote:

> One possible compromise: go ahead and use ssh agent forwarding, but
> after you login, do a 'ssh-add -D' to drop all your keys. Then, when/if
> you need to make a copy connection it should ask for your passphrase to
> unlock the key again. If someone tries to hijack your agent connection,
> you would see the request to unlock the key and could reject it.

To eliminate the race condition after login, the necessary key could be
added with "ssh-add -c". This makes the agent ask for confirmation
before using a key for authentication.

Kind regards
Till