On Mon, Apr 03, 2000 at 12:49:24PM +0200, Robert Bihlmeyer wrote:
> > As I understand it, you can't actually *obtain* the keys, you can just
> > *use* them. Often though, this is just as good.
> Yes. "Snarf" was the wrong word. Just being able to use them while the
> user is connected restricts your time to find the hosts this key
> unlocks.
And it might be worth mentioning that `ssh -v' from your local host, will
let you see which machines are getting your ssh-agent to do stuff. This
can get a bit ugly, but it's probably worthwhile.
An exercise for someone interested: hack ssh-agent so it pops up a window
which you can use to say `yes' or `no' to requests from non-localhosts for
secret key operations. Usual provisos about making this an option, and not
breaking things for people who don't use X, and so on.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.
``The thing is: trying to be too generic is EVIL. It's stupid, it
results in slower code, and it results in more bugs.''
-- Linus Torvalds
Attachment:
pgpzco7yUMHAP.pgp
Description: PGP signature