On 21/03/18 10:30, Damien Miller wrote:
> The downside of this design is that it blurs the trust boundary for ssh-agent; no longer would it be making decisions solely on its own - it would be trusting ssh not to lie to it about the remote destination.
That doesn't sound particularly bad to me. Sure, the agent might try a private key for the wrong destination, but that already happens. The method you outlined sounds rather good.