On Mon, Apr 03, 2000 at 12:49:24PM +0200, Robert Bihlmeyer wrote:
> > As I understand it, you can't actually *obtain* the keys, you can just
> > *use* them. Often though, this is just as good.
> Yes. "Snarf" was the wrong word. Just being able to use them while the
> user is connected restricts your time to find the hosts this key
> unlocks.

And it might be worth mentioning that `ssh -v' from your local host, will let you see which machines are getting your ssh-agent to do stuff. This can get a bit ugly, but it's probably worthwhile.

An exercise for someone interested: hack ssh-agent so it pops up a window which you can use to say `yes' or `no' to requests from non-localhosts for secret key operations. Usual provisos about making this an option, and not breaking things for people who don't use X, and so on.

Cheers,
aj

--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

``The thing is: trying to be too generic is EVIL. It's stupid, it results in slower code, and it results in more bugs.''
  -- Linus Torvalds
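The exercise in the message above, gating an agent's secret-key operations on a yes/no answer, sketched as an added example (not code from the post or from ssh-agent). It uses the OpenSSH agent protocol's framing and message numbers; `gate`, `confirm` and the sample request are hypothetical, and it prompts on every signing request rather than telling local requests from forwarded ones.

```python
import struct

# Message numbers from the OpenSSH agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENTC_SIGN_REQUEST = 13

def frame(msg_type, payload=b""):
    """Frame an agent message: uint32 length, then type byte and payload."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Read one length-prefixed string; raise ValueError on truncation."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def gate(request, confirm):
    """Return (forward, reply). forward=True: hand the request to the real
    agent. forward=False: answer with `reply` (SSH_AGENT_FAILURE) instead."""
    deny = (False, frame(SSH_AGENT_FAILURE))
    if len(request) < 5:
        return deny
    (length,) = struct.unpack_from(">I", request, 0)
    if length != len(request) - 4:
        return deny                      # malformed framing: fail closed
    if request[4] != SSH_AGENTC_SIGN_REQUEST:
        return (True, None)              # e.g. listing keys: no secret-key use
    try:
        key_blob, off = read_string(request, 5)
        data, off = read_string(request, off)
    except ValueError:
        return deny
    # confirm() stands in for the yes/no prompt (X window, tty, ...).
    return (True, None) if confirm(key_blob, len(data)) else deny

def sample_sign_request():
    """Constructed sign request: key blob, data to sign, flags=0."""
    payload = ssh_string(b"constructed-key-blob") + ssh_string(b"constructed-data")
    return frame(SSH_AGENTC_SIGN_REQUEST, payload + struct.pack(">I", 0))
```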