Re: Unable to use ssh-agent with confirmation, when logged in on a virtual terminal

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi Eldon, 

thanks for your answer.

Am 5. November 2014 08:37:54 MEZ, schrieb Eldon Koyle <ekoyle@xxxxxxxxx>:

>I think perhaps you are misunderstanding the '-c' option of ssh-add.

Yeah, perhaps I do.

>The -c option is meant as an additional barrier to someone hijacking
>your agent (ie. if someone gains access as your user, they will be
>unable to use your key if they don't also have access to your X
>session).

I mostly found this option mentioned in connection with agent forwarding, and that's  use  case I have.

The benefit being that no one can use the 'forwarded' key/identity, unless I confirm it. So me forwarding my identity to a server getting hacked does not  compromise security.

Of course it's more comfortable if it's a  window popping up. But what if the forwarding, safe, machine is a machine without x? Maybe this use case was not intended and thus does not work.

Funny, that my first tests with the -c option exactly  into that corner case...
 
>One purpose of the ssh agent is to avoid having to type in your
>passphrase as often.  

But why it's just clicking a button enough to confirm the use? I world game thought that each use has to be confirmed by the passphrase.

So many questions... ;-)
Regards,
Johannes
-- 
This mail has been sent from my mobile phone. Please excuse the briefness.
This mail is not signed cryptographically.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux