Re: add keys and certificate to forwarded agent on remote host

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 18/09/18, Darren Tucker (dtucker@xxxxxxxxxxx) wrote:
> On 18 September 2018 at 05:34, Rory Campbell-Lange
> <rory@xxxxxxxxxxxxxxxxxx> wrote:
> [...]
> > Local:
> >
> >         $ ssh-add -l
> >         2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA)
> >         2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA-CERT)
> >         2048 SHA256:SZG...5hUQ newkey (RSA)
> >         2048 SHA256:7IS...JRi8 shortlifekey (RSA)
> >
> >         wait 5 minutes...
> >
> >         2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA)
> >         2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA-CERT)
> >         2048 SHA256:SZGf...5hUQ newkey (RSA)
> 
> Note that as Peter pointed out, that timeout is implemented in the
> agent.  Be aware that there is nothing stopping someone modifying
> their agent to keep a copy of the key, which may or may not matter in
> your use case.

However, if we add a temporary key and associated time-limited
certificate, I assume modifying the agent is less of a risk?

Rory


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux