Re: Informing the SSH agent of the target user@server

On Wed, 21 Mar 2018, Damien Miller wrote:

> I had more grandiose plans to allow each sshd to sign agent requests
> with the hostkey as they passed through, to allow some sort of chain
> of trust. Unfortunately that would require fairly far reaching
> changes to the SSH protocol to enable binding those signatures to the
> transport instance over which they occur.

I should add that one of the things that put me off pursuing this further
was implementing ProxyJump/-J. Complex schemes for verifying agent
request provenance seem inferior in most ways to using ProxyJump to
set up end-to-end ssh sessions with the ultimate destination.

For that case, the main thing you want to do is locally subset which
keys ssh-agent is willing to present to remote destinations, and that's a
way simpler problem.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
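
The setup the message above describes, as an added ssh_config example that is not part of the original post: ProxyJump replaces agent forwarding through the intermediate host, and IdentitiesOnly with IdentityFile is one existing client-side way to limit which keys are offered to each destination (done by ssh, not by ssh-agent itself). Host names, user name and key paths are constructed.

```sshconfig
# Constructed hosts, user and key paths, for illustration only.

# Intermediate host: it only relays the connection to the target.
# No agent socket is exposed on it.
Host bastion
    HostName bastion.example.com
    User alice
    ForwardAgent no
    # Offer only the key listed here, even if the agent holds others.
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_bastion

# Ultimate destination: the SSH session runs end to end from the local
# client through bastion, so key operations happen on the local machine
# and the bastion never sees agent requests.
Host target
    HostName target.internal.example
    User alice
    ProxyJump bastion
    ForwardAgent no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_target
```

With this in place, `ssh target` is equivalent to `ssh -J bastion target` with the per-host key restrictions applied.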