On Wed, Jul 19, 2023 at 10:07 PM Damien Miller <djm@xxxxxxxxxxx> wrote:
>
> On Wed, 19 Jul 2023, Christoph Anton Mitterer wrote:
>
> > Hey.
> >
> > On Wed, 2023-07-19 at 08:40 -0600, Damien Miller wrote:
> > > via a forwarded agent socket if the following
> > > conditions are met:
> >
> > I assume this also means that when:
> > ForwardAgent=no
> > respectively:
> > -a
> > is used, one is not vulnerable?
>
> You'd still be vulnerable to a local attack if they could get past the
> filesystem permissions, however this is highly unlikely.
>
> I'd recommend the workaround in the release notes though.

Disabling agent forwarding is recommended on a lot of systems. Permitting
agent forwarding is *extremely* useful for jump points, intermediate
exposed systems where you might want to use one credential to log into
the jump point, and another private key to connect to another system,
but don't want to install your private key on the jump point itself.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
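
The question in this thread depends on whether `ForwardAgent` is effectively enabled for a given destination. The sketch below is an added example, not part of the original messages and not OpenSSH code: it resolves the `ForwardAgent` value from ssh_config text using the "first obtained value wins" rule. The sample configuration and host names are constructed, and `Include` and `Match` evaluation and command-line overrides such as `-a` are assumed out of scope.

```python
import fnmatch
import re

# Constructed sample ssh_config for illustration (not from the thread).
SAMPLE_CONFIG = """\
Host jump.example.org
    ForwardAgent yes

Host *.example.org !db.example.org
    ForwardAgent no

Host db.example.org
    forwardagent=yes

Host *
    ForwardAgent no
"""


def host_matches(hostname, patterns):
    """A Host line applies if some pattern matches and no negated (!) one does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched


def effective_forward_agent(config_text, hostname):
    """Return the ForwardAgent value for hostname: the first obtained value wins."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = host_matches(hostname, value.split())
        elif key == "match":
            active = False  # simplification: Match blocks are not evaluated
        elif key == "forwardagent" and active:
            # Newer OpenSSH also accepts a socket path or $VARIABLE here.
            return value.lower() if value.lower() in ("yes", "no") else value
    return "no"  # OpenSSH default when the option is never set


if __name__ == "__main__":
    for h in ("jump.example.org", "db.example.org", "web.example.org", "other.net"):
        print(h, effective_forward_agent(SAMPLE_CONFIG, h))
```

On a real client, `ssh -G <host>` prints the configuration ssh itself resolves, including `Match` and `Include` handling, and is the authoritative check.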