On Wednesday, December 4, 2019 8:44:18 PM MST Kevin Kofler wrote:
> How would that work? The shell runs on the server. The SSH agent runs on the
> client, the only one that has the private key. How can the SSH agent know
> that it is talking to your "fake shell" and not to an attacker's fake "fake
> shell"? This needs to be part of the protocol, not hacked onto it.
The very same way that it already knows when it's talking to `ssh` on a remote
server. You've already verified the fingerprint, either manually or using DNS.
--
John M. Harris, Jr.
Splentity