On Thu, 2008-05-22 at 08:41 -0700, brett lentz wrote:
On Thu, May 22, 2008 at 8:19 AM, Mike McGrath
<mmcgrath(a)redhat.com> wrote:
> On Thu, 22 May 2008, brett lentz wrote:
>> The implications for ssh-agent are fairly simple. Your private key
>> still never touches the wire or the remote systems. SSH-Agent forwards
>> the auth challenges to the local system you're logging in from.
>>
>> Here's a great diagram of the process:
>>
>> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd
>>
>
> I know your private key doesn't touch the wire or remote system. But the
> agent creates a socket in /tmp/ssh-* and I'm worried someone with access
> to that socket could auth to other machines as the user.
Yes, that's a well-known risk. The only protections on that socket are
filesystem-level permissions, which root can obviously bypass.
And the risk isn't increased by us allowing third-party groups to do
auth via FAS. This risk is present whenever any user logs in to another
machine with agent forwarding, which is requested by the user/client --
not the machine being logged into.
Jeremy
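The point Mike and Jeremy are making is that the agent socket is the whole trust boundary: whoever can open it can ask the agent to list keys and to sign authentication challenges, and the agent cannot tell that client from the legitimate one. The script below is an added example, not code from this thread or from OpenSSH; it speaks the agent protocol (length-prefixed messages, type byte 11 for SSH_AGENTC_REQUEST_IDENTITIES, 12 for the answer) over any Unix socket it is handed, which is exactly what root on the remote host can do with a forwarded socket under /tmp/ssh-*/. So that it runs offline, it also includes a constructed fake agent holding one fake ed25519 key and a made-up comment; the socket path, key bytes and comment are assumptions for the demo.

```python
"""Talk to an ssh-agent socket directly, the way anyone who can open it can."""
import glob
import os
import socket
import struct
import tempfile
import threading

# Message types from the OpenSSH agent protocol (PROTOCOL.agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def _string(b: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _frame(msg_type: int, payload: bytes = b"") -> bytes:
    """Agent message: uint32 length, one type byte, then the payload."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the socket")
        buf += chunk
    return buf


def _read_frame(sock: socket.socket):
    (length,) = struct.unpack(">I", _recv_exact(sock, 4))
    body = _recv_exact(sock, length)
    return body[0], body[1:]


def _take_string(buf: bytes, off: int):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def forwarded_agent_sockets() -> list:
    """Sockets sshd creates for forwarded agents; root can open any of them."""
    return sorted(glob.glob("/tmp/ssh-*/agent.*"))


def list_agent_identities(sock_path: str) -> list:
    """Ask the agent behind sock_path for its keys; returns [(key_type, comment)]."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(_frame(SSH_AGENTC_REQUEST_IDENTITIES))
        msg_type, payload = _read_frame(s)
    if msg_type != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError(f"unexpected agent reply type {msg_type}")
    (nkeys,) = struct.unpack(">I", payload[:4])
    off, keys = 4, []
    for _ in range(nkeys):
        blob, off = _take_string(payload, off)
        comment, off = _take_string(payload, off)
        key_type, _ = _take_string(blob, 0)  # a key blob starts with its type name
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys


# Constructed stand-in for a forwarded agent: one fake ed25519 key, not a real one.
FAKE_KEY_BLOB = _string(b"ssh-ed25519") + _string(b"\x01" * 32)
FAKE_COMMENT = b"alice@laptop"


def _serve_fake_agent_once(srv: socket.socket) -> None:
    conn, _ = srv.accept()
    with conn:
        msg_type, _ = _read_frame(conn)
        if msg_type == SSH_AGENTC_REQUEST_IDENTITIES:
            answer = struct.pack(">I", 1) + _string(FAKE_KEY_BLOB) + _string(FAKE_COMMENT)
            conn.sendall(_frame(SSH_AGENT_IDENTITIES_ANSWER, answer))
        else:
            conn.sendall(_frame(SSH_AGENT_FAILURE))


def demo() -> list:
    """Stand up the fake agent on a 0600 socket and read its key list from it."""
    with tempfile.TemporaryDirectory(prefix="ssh-") as tmp:
        path = os.path.join(tmp, "agent.0")  # assumed path, mirrors /tmp/ssh-XXXX/agent.N
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            os.chmod(path, 0o600)  # the only protection a real agent socket gets
            srv.listen(1)
            t = threading.Thread(target=_serve_fake_agent_once, args=(srv,))
            t.start()
            keys = list_agent_identities(path)
            t.join()
    return keys


if __name__ == "__main__":
    # Against a real agent: list_agent_identities(os.environ["SSH_AUTH_SOCK"])
    print(forwarded_agent_sockets())
    print(demo())
```

Pointing `list_agent_identities` at a real `SSH_AUTH_SOCK` gives the same list as `ssh-add -l`; the same socket also accepts SSH_AGENTC_SIGN_REQUEST, which is what lets the holder authenticate elsewhere without ever seeing the private key. The mode bits set in `demo` are all that stands between that socket and other local users, and root is not bound by them, which is why the usual mitigations sit on the client side: leave ForwardAgent off (or use `ssh -a`) except toward hosts whose root you trust, and load keys with `ssh-add -c` so every signing request needs a local confirmation.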