Re: Filtering which identities are forwarded by ssh-agent to a given host

On 02/02/15 03:53, Damien Miller wrote:
> On Mon, 2 Feb 2015, Ángel González wrote:
>
>> IMHO the way to go is not to teach ssh the agent protocol, but modify the agent
>> protocol so that each request gets prepended the hostname requesting it
>> (forwarded connections would contain the full chain)
>
> Then you have to modify all of ssh, sshd and ssh-agent and it doesn't
> work until they are all upgraded.

Only ssh-agent and ssh (and the change to the former could be trivial)

> Moreover, unless you include signing (by the hostkey) for forwarded hops
> and verification of same at the agent side, then you can't trust anything
> past the first hop.

I wasn't attempting to go that far. Just accountability, similar to how
Received: headers work in SMTP. And yes, you can't trust anything past the
first evil hop. Still, I see many benefits compared to the current
all-or-nothing agent trust. (Of course, to be really sure that nobody
intercepts the agent request, you MUST perform the ssh connection locally,
with a ProxyCommand. Full Stop)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
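The thread's subject, restricting which identities a forwarded agent exposes to a given host, can be prototyped today without changing ssh, sshd or ssh-agent: a small filter process sits on the socket that is forwarded to the remote host and relays only an allowed subset of requests to the real agent. The code below is an added example written for this archive page; it is not OpenSSH code and not what either poster proposed. The message numbers (5 FAILURE, 11 REQUEST_IDENTITIES, 12 IDENTITIES_ANSWER, 13 SIGN_REQUEST, 14 SIGN_RESPONSE) are the ones defined in the ssh-agent protocol draft; the function names, the per-host policy (a set of allowed key blobs chosen out of band, e.g. one filter socket per destination), the `fake_agent` stand-in and the sample key blobs are all constructed for the example. It does nothing about the point Damien raises: the filter cannot tell which hop past the first is really asking, so the policy must be chosen for the least trusted host in the chain.

```python
"""Filtering relay logic for the ssh-agent protocol (added example).

Only the message-body handling is shown; in a real deployment proxy_message()
would be driven by a UNIX-socket server reading length-prefixed frames from
the forwarded socket and writing them to the real agent's socket.
"""
import struct

# Message numbers from the ssh-agent protocol draft (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def _string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def parse_identities_answer(body: bytes):
    """Return [(key_blob, comment), ...] from an SSH_AGENT_IDENTITIES_ANSWER body."""
    if len(body) < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (nkeys,) = struct.unpack(">I", body[1:5])
    off, keys = 5, []
    for _ in range(nkeys):
        blob, off = _read_string(body, off)
        comment, off = _read_string(body, off)
        keys.append((blob, comment))
    if off != len(body):
        raise ValueError("trailing bytes in identities answer")
    return keys


def build_identities_answer(keys) -> bytes:
    """Encode [(key_blob, comment), ...] as an SSH_AGENT_IDENTITIES_ANSWER body."""
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for blob, comment in keys:
        body += _string(blob) + _string(comment)
    return body


def filter_identities_answer(body: bytes, allowed) -> bytes:
    """Drop every identity whose key blob is not in the allowed set."""
    keys = [(b, c) for b, c in parse_identities_answer(body) if b in allowed]
    return build_identities_answer(keys)


def sign_request_key(body: bytes) -> bytes:
    """Extract the key blob a SSH_AGENTC_SIGN_REQUEST asks to sign with."""
    if not body or body[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not a sign request")
    blob, _ = _read_string(body, 1)
    return blob


def proxy_message(body: bytes, allowed, upstream) -> bytes:
    """Apply the per-host policy to one client->agent message body.

    `upstream` is a callable that delivers a body to the real agent and returns
    the reply body (in practice a wrapper around the agent socket)."""
    if not body:
        return bytes([SSH_AGENT_FAILURE])
    if body[0] == SSH_AGENTC_REQUEST_IDENTITIES:
        return filter_identities_answer(upstream(body), allowed)
    if body[0] == SSH_AGENTC_SIGN_REQUEST:
        if sign_request_key(body) not in allowed:
            return bytes([SSH_AGENT_FAILURE])  # refused before the agent sees it
        return upstream(body)
    # add/remove/lock and anything unknown is never relayed for a forwarded peer.
    return bytes([SSH_AGENT_FAILURE])


def frame(body: bytes) -> bytes:
    """Wrap a body in the uint32 length framing used on the agent socket."""
    return struct.pack(">I", len(body)) + body


# Constructed sample identities: the blobs mimic the ssh-ed25519 wire layout
# but the 32 key bytes are placeholders, not real public keys.
KEY_WORK = _string(b"ssh-ed25519") + _string(b"\x01" * 32)
KEY_HOME = _string(b"ssh-ed25519") + _string(b"\x02" * 32)
AGENT_KEYS = [(KEY_WORK, b"work laptop"), (KEY_HOME, b"home")]


def fake_agent(body: bytes) -> bytes:
    """Constructed stand-in for the real agent so the example runs offline."""
    if body[0] == SSH_AGENTC_REQUEST_IDENTITIES:
        return build_identities_answer(AGENT_KEYS)
    if body[0] == SSH_AGENTC_SIGN_REQUEST:
        return bytes([SSH_AGENT_SIGN_RESPONSE]) + _string(b"dummy-signature")
    return bytes([SSH_AGENT_FAILURE])


def demo():
    """Policy for one host: only KEY_WORK is listed and usable for signing."""
    policy = {KEY_WORK}
    listed = parse_identities_answer(
        proxy_message(bytes([SSH_AGENTC_REQUEST_IDENTITIES]), policy, fake_agent))

    def sign_req(blob):
        return (bytes([SSH_AGENTC_SIGN_REQUEST]) + _string(blob)
                + _string(b"session-data") + struct.pack(">I", 0))

    work = proxy_message(sign_req(KEY_WORK), policy, fake_agent)[0]
    home = proxy_message(sign_req(KEY_HOME), policy, fake_agent)[0]
    return [c for _, c in listed], work, home


if __name__ == "__main__":
    print(demo())  # ([b'work laptop'], 14, 5)
```

The sign path checks the key blob carried in the request against the policy rather than trusting the earlier identity listing, because a peer can send a SIGN_REQUEST for any blob it knows regardless of what was listed; denying locally also keeps refused requests from ever reaching the real agent, which is the observable difference a per-host filter gives over plain ForwardAgent.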