[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: doing an ssh into a compromised host

On Wed, Nov 03, 2004 at 10:17:22AM +0000, Marcus Williams wrote:
> On 03/11/2004, Andrew Pimlott wrote:
> > Do you have such a thing?  I would absolutely love an ssh agent that
> > only asks for pass-phrases as needed, times them out eventually, and
> > can prompt before answering a challenge.
> 
> quintuple-agent does something like this. Not sure if it supports ssh
> or not - its really for gpg and such. Looks like you could write a
> wrapper script so that it supported ssh though.

Thanks for the idea.  However, ssh-agent has to speak the ssh-agent
challenge-response protocol, and provides no way to call out to another
program for pass-phrases.  So hooking it up to quintuple-agent would
require some work, I believe.

Andrew
Reply to: