Is there any solution, or even work on, limiting which keys get forwarded where?

Hi,

I'm in a situation where I'm using multiple SSH keys, each to connect to
a different set of servers.

I can't load/unload keys on demand, as I usually am connected to at
least 2 of such sets.

But - some rogue "root" could get access to my agent-forwarding socket,
and in turn, get access to keys loaded into the agent (not in terms of
obtaining the key, but being able to use it to log in to a server he
shouldn't be able to).

As I understand the only solution is to run multiple ssh-agents, and
load each key to only one of them, and then, before connecting, pick
which agent to choose.

But this is pretty tedious, and error-prone.

Is there any ready solution that could be used, or perhaps work on
incorporating key-filtering into ssh itself?

Best regards,

depesz

-- 
The best thing about modern society is how easy it is to avoid contact with it.
                                                             http://depesz.com/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
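
The multiple-agent approach described in the message above can be driven from ssh_config, so the agent is chosen per host pattern rather than by hand. This is an added example, not part of the original post or OpenSSH's own code; the set names, host patterns and socket directory are hypothetical, and ForwardAgent with a socket path assumes OpenSSH 8.2 or later.

```shell
#!/bin/sh
# Added example: one ssh-agent per server set, selected by ssh_config.
# Set names, host patterns and AGENT_DIR are hypothetical.
AGENT_DIR="${AGENT_DIR:-$HOME/.ssh/agents}"

# Path of the agent socket dedicated to one server set.
agent_sock() {   # agent_sock <set>
    printf '%s/%s.sock\n' "$AGENT_DIR" "$1"
}

# Start the agent for a set unless its socket already answers.
# ssh-add -l exits with status 2 when it cannot contact an agent.
ensure_agent() {   # ensure_agent <set>
    sock=$(agent_sock "$1")
    mkdir -p "$AGENT_DIR" && chmod 700 "$AGENT_DIR"
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        rm -f "$sock"                    # remove a stale socket, if any
        ssh-agent -a "$sock" >/dev/null  # bind the new agent to that path
    fi
}

# Load one key into exactly one set's agent.
load_key() {   # load_key <set> <keyfile>
    ensure_agent "$1"
    SSH_AUTH_SOCK=$(agent_sock "$1") ssh-add "$2"
}

# Emit the ssh_config stanza binding a host pattern to one set's agent.
# IdentityAgent selects the agent used to authenticate; ForwardAgent with
# a socket path forwards only that agent, never the other sets' agents.
config_stanza() {   # config_stanza <set> <host-pattern> [yes|no]
    sock=$(agent_sock "$1")
    fwd=no
    if [ "${3:-no}" = yes ]; then
        fwd=$sock
    fi
    printf 'Host %s\n    IdentityAgent %s\n    ForwardAgent %s\n' \
        "$2" "$sock" "$fwd"
}

# Typical use (not run here):
#   load_key prod ~/.ssh/id_prod
#   config_stanza prod '*.prod.example' yes >> ~/.ssh/config
```

With this layout, a process on a remote host that reaches the forwarded socket can use only the keys of the set that host belongs to.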


