
Re: ssh-agent without graphical display manager? how?

On Monday 2009 January 05 16:31:35 Richard Hector wrote:
> Or can you just forward your existing agent when you connect (ssh -A),
> then run ssh-add on the remote machine (the one with the private key on
> it)?

Don't do this unless you trust root on the *remote* machine.  While the 
forwarding is in effect and the identity is unlocked, *remote* root can 
connect to the forwarded agent socket and, while they cannot read your key 
directly, they can authenticate as you.

I never forward my agent, to be safe.
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss@iguanasuicide.net                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.net/                      \_/     
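
One way to check where agent forwarding is switched on, as an added example that is not part of the original message: a small audit of OpenSSH client configuration text that reports every `ForwardAgent` setting other than `no` and marks the ones that apply to wildcard or global scopes. The function name `find_agent_forwarding` and the sample host names are hypothetical, and `Include` files are assumed not to be in use.

```python
import re

# Constructed sample ~/.ssh/config; the host names are placeholders.
SAMPLE_CONFIG = """\
# personal defaults
Host bastion.example.org
    User alice
    ForwardAgent yes

Host *.lab.example.org
    forwardagent=no

Host *
    ForwardAgent Yes
    ServerAliveInterval 60
"""

def find_agent_forwarding(config_text):
    """Return (line_no, scope, value, broad) for each ForwardAgent setting that is not 'no'.

    broad is True when the setting is global or sits under a wildcard Host/Match,
    i.e. the agent socket is exposed on hosts you may not have reviewed one by one.
    """
    findings = []
    scope = "(global)"  # options before the first Host/Match apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword in ("host", "match"):
            scope = f"{keyword.capitalize()} {value}"
        elif keyword == "forwardagent" and value.lower() != "no":
            broad = scope == "(global)" or any(c in scope for c in "*?")
            findings.append((line_no, scope, value, broad))
    return findings

if __name__ == "__main__":
    for line_no, scope, value, broad in find_agent_forwarding(SAMPLE_CONFIG):
        note = "applies to many hosts" if broad else "single host entry"
        print(f"line {line_no}: ForwardAgent {value} under {scope} ({note})")
```

Per-connection use of `ssh -A` does not appear in the configuration file, so this check covers only persistent settings.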
