Re: agent key forwarding -- security issues?
From: Neil W Rickert (rickert+nn@cs.niu.edu)Date: 03/12/02
- Next message: Richard Silverman: "Re: Help, 'r' commands not working using ssh"
- Previous message: dc: "Help, 'r' commands not working using ssh"
- In reply to: Roy Smith: "agent key forwarding -- security issues?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Neil W Rickert <rickert+nn@cs.niu.edu> Date: 12 Mar 2002 19:36:14 GMT
Roy Smith <roy@panix.com> writes:
>Now that I've got 3.1p1 installed and working, a couple of people are
>pressuring me to enable agent key forwarding. I've been reading about it,
>and I think I understand how it works, but I'm unsure if it's a good idea
>or not. It seems like there are security implications.
Mainly, these are implications for the users who do agent forwarding.
My practice is to have agent forwarding turned off in ssh_config, but
turned on in sshd_config. That way the default is to not do agent
forwarding, but users may do it either with command line options to
their ssh command, or in their own ssh_config file.
>With agent key forwarding, if a single box is compromised, the entire
>network is also.
No more than if a user is sloppy about protecting his/her login
password.
If agent forwarding is used unwisely, the risk is that somebody might
be able to "borrow" the access rights of the user whose forwarding
was compromised.
> This reminds me of when I used to run kerberos; the same
>was true about compromising the KDC.
But that would compromise all users.
> The difference is that with kerberos,
>the KDC was under my control. Access was strictly controlled, and the box
>was in a physically secure location. With ssh agent key forwarding, the
>key server becomes the users's own PC, which I have no control over.
If the user server is compromised, the intruder can use the access
privileges of that user. If the user instead leaves his password
in a file, with expect scripts to supply it automatically, then
an intruder on that system can use the access privileges of the user.
I don't see that you are introducing any new risks by allowing agent
forwarding.
The bigger risk is that your user does agent forwarding to an
insecure system that you do not control. Then an intruder on that
insecure system might be able to borrow your user's access
privileges.
- Next message: Richard Silverman: "Re: Help, 'r' commands not working using ssh"
- Previous message: dc: "Help, 'r' commands not working using ssh"
- In reply to: Roy Smith: "agent key forwarding -- security issues?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
