thus spoke Henrique de Moraes Holschuh <hmh@debian.org> [2004.11.02.1314 +0100]:
> It should not be possible to retrieve key material from the agent,
> ever. And the whole setup should not be vulnerable to replay
> attacks when using protocol 2 either.
>
> Are you *completely* sure of what you are talking about?

Yes, although I was not clear: having access to /tmp/ssh* means that
you can access all hosts that trust the key used to log in to the
current host for the duration of the current session. Since only
authentication has to be during the current session, an attacker
could gain access to other hosts and idle there for as long as the
network stays up.

Access to key material and replay attacks are not possible.

--
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!