Re: ssh-agent without graphical display manager? how?

To: debian-user@lists.debian.org
Subject: Re: ssh-agent without graphical display manager? how?
From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
Date: Mon, 5 Jan 2009 16:58:09 -0600
Message-id: <[🔎] 200901051658.12721.bss@iguanasuicide.net>
In-reply-to: <[🔎] 1231194695.3485.3.camel@topaz.wgtn.cat-it.co.nz>
References: <[🔎] 20090104155527.GA25394@big.lan.gnu> <[🔎] 1231194695.3485.3.camel@topaz.wgtn.cat-it.co.nz>

On Monday 2009 January 05 16:31:35 Richard Hector wrote:
> Or can you just forward your existing agent when you connect (ssh -A),
> then run ssh-add on the remote machine (the one with the private key on
> it)?

Don't do this unless you trust root on the *remote* machine.  While the 
forwarding is in effect and the identity is unlocked, *remote* root can 
connect to the forwarded agent socket and, while they cannot read your key 
directly, they can authenticate as you.

I never forward my agent, to be safe.
-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss@iguanasuicide.net                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.net/                      \_/

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: ssh-agent without graphical display manager? how?
  - From: Richard Hector <richard@walnut.gen.nz>

References:
- ssh-agent without graphical display manager? how?
  - From: Paul E Condon <pec@mesanetworks.net>
- Re: ssh-agent without graphical display manager? how?
  - From: Richard Hector <richard@walnut.gen.nz>

Prev by Date: Re: RAID5 (mdadm) array hosed after grow operation
Next by Date: Re: [OT] mailing lists versus usenet / reply to list, reply-to, reply
Previous by thread: Re: ssh-agent without graphical display manager? how?
Next by thread: Re: ssh-agent without graphical display manager? how?
Index(es):
- Date
- Thread