
From stephen.farrell@cs.tcd.ie  Tue Apr  9 05:53:18 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE98021F937B for <sshmgmt@ietfa.amsl.com>; Tue,  9 Apr 2013 05:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4NJvlYol++l for <sshmgmt@ietfa.amsl.com>; Tue,  9 Apr 2013 05:53:18 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 3C36F21F8F69 for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 05:53:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A1EE6BE5B for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 13:52:55 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id euxlUqJUnrpl for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 13:52:55 +0100 (IST)
Received: from [IPv6:2001:770:10:203:54d4:67d3:a46c:a5f2] (unknown [IPv6:2001:770:10:203:54d4:67d3:a46c:a5f2]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 7E11ABE51 for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 13:52:55 +0100 (IST)
Message-ID: <51640F27.1020500@cs.tcd.ie>
Date: Tue, 09 Apr 2013 13:52:55 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: sshmgmt@ietf.org
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [Sshmgmt] test - EOM
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 12:53:18 -0000


From stephen.farrell@cs.tcd.ie  Tue Apr  9 09:23:22 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DBCA21F8554 for <sshmgmt@ietfa.amsl.com>; Tue,  9 Apr 2013 09:23:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.166
X-Spam-Level: 
X-Spam-Status: No, score=-102.166 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G5Yst5wyZhNl for <sshmgmt@ietfa.amsl.com>; Tue,  9 Apr 2013 09:23:22 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 1537C21F8546 for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 09:23:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5D41CBE64; Tue,  9 Apr 2013 17:22:57 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BSFmk+JncABv; Tue,  9 Apr 2013 17:22:57 +0100 (IST)
Received: from [IPv6:2001:770:10:203:54d4:67d3:a46c:a5f2] (unknown [IPv6:2001:770:10:203:54d4:67d3:a46c:a5f2]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 2509FBE62; Tue,  9 Apr 2013 17:22:57 +0100 (IST)
Message-ID: <51644061.8090008@cs.tcd.ie>
Date: Tue, 09 Apr 2013 17:22:57 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: sshmgmt@ietf.org
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: William Chen <wchen@amsl.com>
Subject: [Sshmgmt] test2 - EOM
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 16:23:22 -0000


From wchen@amsl.com  Tue Apr  9 09:28:07 2013
Return-Path: <wchen@amsl.com>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2E9E21F8F2C for <sshmgmt@ietfa.amsl.com>; Tue,  9 Apr 2013 09:28:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4xntovjsC9SF for <sshmgmt@ietfa.amsl.com>; Tue,  9 Apr 2013 09:28:04 -0700 (PDT)
Received: from mail.amsl.com (mail.amsl.com [IPv6:2001:1890:126c::1:14]) by ietfa.amsl.com (Postfix) with ESMTP id A069621F85F3 for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 09:27:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id 615C712A9BE for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 09:27:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qywu2trQVlp8 for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 09:27:52 -0700 (PDT)
Received: from unknown1040f3eb018a.att.net (99-167-201-80.lightspeed.sndgca.sbcglobal.net [99.167.201.80]) by c8a.amsl.com (Postfix) with ESMTPSA id 41A4012A9BD for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 09:27:52 -0700 (PDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: William Chen <wchen@amsl.com>
In-Reply-To: <51644061.8090008@cs.tcd.ie>
Date: Tue, 9 Apr 2013 09:27:50 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <6E64413D-5B18-4614-BA89-2ED0577FE22E@amsl.com>
References: <51644061.8090008@cs.tcd.ie>
To: sshmgmt@ietf.org
X-Mailer: Apple Mail (2.1503)
Subject: [Sshmgmt] Test.
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 16:28:07 -0000

Testing the list.  Please Ignore.


From tyl@ssh.com  Wed Apr 10 02:29:27 2013
Return-Path: <tyl@ssh.com>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8343B21F92F2 for <sshmgmt@ietfa.amsl.com>; Wed, 10 Apr 2013 02:29:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.329
X-Spam-Level: **
X-Spam-Status: No, score=2.329 tagged_above=-999 required=5 tests=[AWL=0.467,  BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765,  FM_DDDD_TIMES_2=1.999, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qy4sm9kT7bS2 for <sshmgmt@ietfa.amsl.com>; Wed, 10 Apr 2013 02:29:27 -0700 (PDT)
Received: from ip-194-137-52-209.ssh.com (ip-194-137-52-209.ssh.com [194.137.52.209]) by ietfa.amsl.com (Postfix) with ESMTP id ED9C421F9173 for <sshmgmt@ietf.org>; Wed, 10 Apr 2013 02:29:26 -0700 (PDT)
Received: from [192.168.0.100] (mfd2536d0.tmodns.net [208.54.37.253]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by allman.clausal.com (Postfix) with ESMTPSA id 463AD78011E for <sshmgmt@ietf.org>; Tue,  9 Apr 2013 15:31:23 +0300 (EEST)
From: Tatu Ylonen <tyl@ssh.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 9 Apr 2013 15:21:38 +0300
Message-Id: <F34115D0-9C4B-4FF5-8EC8-1E4747E7FC94@ssh.com>
To: sshmgmt@ietf.org
Mime-Version: 1.0 (Apple Message framework v1283)
X-Mailer: Apple Mail (2.1283)
Subject: [Sshmgmt] sshmgmt mailing list test
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 09:29:27 -0000

This message is just a test.  Looks like e-mails to sshmgmt@ietf.org
might not be going through, so I want to make sure.

Sorry for the inconvenience.

Tatu


From tyl@ssh.com  Wed Apr 10 02:39:33 2013
Return-Path: <tyl@ssh.com>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C3A921F8B1E for <sshmgmt@ietfa.amsl.com>; Wed, 10 Apr 2013 02:39:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.483
X-Spam-Level: **
X-Spam-Status: No, score=2.483 tagged_above=-999 required=5 tests=[AWL=0.002,  BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765,  FM_DDDD_TIMES_2=1.999, RCVD_IN_SORBS_WEB=0.619, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sjfytvKY6LmI for <sshmgmt@ietfa.amsl.com>; Wed, 10 Apr 2013 02:39:32 -0700 (PDT)
Received: from ip-194-137-52-209.ssh.com (ip-194-137-52-209.ssh.com [194.137.52.209]) by ietfa.amsl.com (Postfix) with ESMTP id 7D25F21F8A68 for <sshmgmt@ietf.org>; Wed, 10 Apr 2013 02:39:32 -0700 (PDT)
Received: from [192.168.43.158] (ma92836d0.tmodns.net [208.54.40.169]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by allman.clausal.com (Postfix) with ESMTPSA id EC8EB78010B for <sshmgmt@ietf.org>; Sat,  6 Apr 2013 16:34:48 +0300 (EEST)
From: Tatu Ylonen <tyl@ssh.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Sat, 6 Apr 2013 16:24:50 +0300
Message-Id: <6327A1B5-24E9-4F6D-9D03-8CA2C037E70D@ssh.com>
To: sshmgmt@ietf.org
Mime-Version: 1.0 (Apple Message framework v1283)
X-Mailer: Apple Mail (2.1283)
Subject: [Sshmgmt] new draft draft-ylonen-sshkeybcp-01.txt on SSH user key management
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 09:39:33 -0000

A new draft "Managing SSH Keys for Automated Access - Current
Recommended Practice" is available at
https://tools.ietf.org/html/draft-ylonen-sshkeybcp-01

Please send comments to this list (sshmgmt@ietf.org).

Regards,

Tatu


From simon@josefsson.org  Wed Apr 10 10:48:21 2013
Return-Path: <simon@josefsson.org>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E41F921F8ED4 for <sshmgmt@ietfa.amsl.com>; Wed, 10 Apr 2013 10:48:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.909
X-Spam-Level: 
X-Spam-Status: No, score=-99.909 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, HELO_MISMATCH_COM=0.553, HOST_EQ_STATICB=1.372, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SkCqWA6nsDmv for <sshmgmt@ietfa.amsl.com>; Wed, 10 Apr 2013 10:48:21 -0700 (PDT)
Received: from yxa-v.extundo.com (static-213-115-179-173.sme.bredbandsbolaget.se [213.115.179.173]) by ietfa.amsl.com (Postfix) with ESMTP id 5526A21F8EB9 for <sshmgmt@ietf.org>; Wed, 10 Apr 2013 10:48:17 -0700 (PDT)
Received: from [192.168.1.42] (host-95-192-118-188.mobileonline.telia.com [95.192.118.188]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id r3AHm4ma014538 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) for <sshmgmt@ietf.org>; Wed, 10 Apr 2013 19:48:08 +0200
Message-ID: <1365616078.5530.7.camel@latte.josefsson.org>
From: Simon Josefsson <simon@josefsson.org>
To: sshmgmt@ietf.org
Date: Wed, 10 Apr 2013 19:47:58 +0200
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.4.4-3 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.97.3 at yxa-v
X-Virus-Status: Clean
Subject: [Sshmgmt] Agent forwarding
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 17:48:22 -0000

Hi.  Please consider discussing the problem of enabling so called "agent
forwarding" (OpenSSH -A flag) when connecting to remote systems.

Briefly, if a remote system has been compromised, and you connect to it
using 'ssh -A', the remote system can use your credentials to login to
other systems.  Normally there is no user feedback of what is going on
either.  I've seen uses of 'ForwardAgent yes' in people's .ssh/config
which is risky and IMHO a problem worthy of attention.

If this concern is already covered by more generic text in the document,
I must have missed it and then I'm sorry for wasting your time -- I
searched for "agent" in the document.

Thanks,
/Simon

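The risk Simon describes above starts with a line that is already sitting in ~/.ssh/config, so the first practical check is to audit that file. What follows is an added example, my own code rather than anything from Simon's message, the draft or OpenSSH: it parses the subset of ssh_config syntax needed here (Host and Match sections, 'Keyword value' or 'Keyword = value', '#' comment lines), applies ssh's first-obtained-value-wins rule to answer "is ForwardAgent on for this host?", and lists every section that turns forwarding on, rating a catch-all 'Host *' section highest because it hands the agent to every host you ever connect to. The sample config inside the block is constructed for the demonstration; the option name and the default of 'ForwardAgent no' are OpenSSH's.

```python
"""Audit an OpenSSH client config for agent forwarding (added example)."""
import re
import sys
from fnmatch import fnmatchcase

CONSTRUCTED_CONFIG = """\
# constructed sample ~/.ssh/config for the audit below (not a real file)
Host bastion
    ForwardAgent no
Host *.prod.example
    ForwardAgent = yes
Host *
    User alice
    ForwardAgent yes
"""

def parse_ssh_config(text):
    """Return sections in file order as dicts {kind, patterns, line, options}.
    kind is 'global' (options before any Host/Match line), 'host' or 'match';
    options maps lower-cased keyword -> (value, line) and keeps the FIRST value
    seen in a section, which is what ssh does. Keywords are case-insensitive and
    may be written 'Key value' or 'Key = value'; lines starting with # are comments."""
    sections = [{"kind": "global", "patterns": ["*"], "line": 0, "options": {}}]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)\s*(?:=\s*|\s+)(.*)$", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword in ("host", "match"):
            sections.append({"kind": keyword, "patterns": value.split(), "line": lineno, "options": {}})
        else:
            sections[-1]["options"].setdefault(keyword, (value, lineno))
    return sections

def host_matches(hostname, patterns):
    """ssh pattern-list semantics: '*' and '?' wildcards, a leading '!' negates,
    a negated match vetoes the whole list, otherwise any positive match wins."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatchcase(hostname, pat):
            positive = True
    return positive

def resolve_forward_agent(sections, hostname):
    """Effective ForwardAgent value for hostname; ssh's default is 'no'.
    Match sections are skipped because their criteria need runtime state."""
    for sec in sections:
        if sec["kind"] == "match" or not host_matches(hostname, sec["patterns"]):
            continue
        if "forwardagent" in sec["options"]:
            return sec["options"]["forwardagent"][0].lower()
    return "no"

def audit_agent_forwarding(text):
    """Every section that turns forwarding on, as (severity, line, section, value).
    Anything other than 'no' enables it: newer OpenSSH also accepts a socket path
    or an environment variable name as the value. A catch-all Host section is
    HIGH because it forwards the agent to every host you ever connect to."""
    findings = []
    for sec in parse_ssh_config(text):
        opt = sec["options"].get("forwardagent")
        if opt is None or opt[0].lower() == "no":
            continue
        value, line = opt
        catch_all = sec["kind"] != "match" and "*" in sec["patterns"]
        where = "top of file" if sec["kind"] == "global" else f"{sec['kind'].capitalize()} {' '.join(sec['patterns'])}"
        findings.append(("HIGH" if catch_all else "MEDIUM", line, where, value))
    return findings

if __name__ == "__main__":  # usage: python3 audit_forwardagent.py [~/.ssh/config] [hostname]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else CONSTRUCTED_CONFIG
    for severity, line, where, value in audit_agent_forwarding(text):
        print(f"{severity}: line {line}: '{where}' sets ForwardAgent {value}")
    if len(sys.argv) > 2:
        print(f"effective for {sys.argv[2]}: ForwardAgent {resolve_forward_agent(parse_ssh_config(text), sys.argv[2])}")
```

Run it with a path to a config file (and optionally a hostname), or with no arguments to audit the built-in sample. A sane layout puts 'ForwardAgent no' under 'Host *' and enables it only in the Host blocks for machines you trust with your keys, if any; for reaching a host behind a bastion, OpenSSH 7.3 and later offer ProxyJump (ssh -J), which tunnels a direct, separately authenticated connection through the intermediate host and never exposes the agent to it.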


From peter@notatla.org.uk  Sat Apr 20 05:23:55 2013
Return-Path: <peter@notatla.org.uk>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0E9B21F8F5C for <sshmgmt@ietfa.amsl.com>; Sat, 20 Apr 2013 05:23:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.904
X-Spam-Level: 
X-Spam-Status: No, score=-0.904 tagged_above=-999 required=5 tests=[AWL=0.830,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uxEdXYwffVqP for <sshmgmt@ietfa.amsl.com>; Sat, 20 Apr 2013 05:23:55 -0700 (PDT)
Received: from notatla.org.uk (dsl-217-155-246-43.zen.co.uk [217.155.246.43]) by ietfa.amsl.com (Postfix) with ESMTP id 56E7321F8D6A for <sshmgmt@ietf.org>; Sat, 20 Apr 2013 05:23:52 -0700 (PDT)
Received: by notatla.org.uk (Postfix, from userid 508) id D670D80048; Sat, 20 Apr 2013 13:23:50 +0100 (BST)
Date: Sat, 20 Apr 2013 13:23:50 +0100
To: sshmgmt@ietf.org
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20130420122350.D670D80048@notatla.org.uk>
From: peter@notatla.org.uk
Subject: Re: [Sshmgmt] Agent forwarding
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2013 12:23:56 -0000

Simon Josefsson writes:
> Briefly, if a remote system has been compromised, and you connect to it
> using 'ssh -A', the remote system can use your credentials to login to
> other systems.  Normally there is no user feedback of what is going on
> either.  I've seen uses of 'ForwardAgent yes' in people's .ssh/config
> which is risky and IMHO a problem worthy of attention.

This is a risk but it's difficult to deal with without removing the
non-interactive SSO that the agent provides and is the reason people
use it.

Also from the man page: "Several identities can be stored in the agent;
the agent can automatically use any of these identities."

What I think could be done are:

a) logging by the agent when it computes a challenge

   The log to include the host public key which the
   challenge proves correct and fresh.  I'm guessing that's
   possible (even if it meant reworking the challenge)
   but haven't studied it.  The aim is that when you are
   blamed for a login you show in the agent log how it was
   assisted by the agent during contact with some other
   list of hosts - one of which is now suspected of using
   the agent without user consent.

b) real-time display by the agent when it computes a challenge

c) limit the agent instance by number/rate of challenges

d) limit the agent instance by which hosts/identities it will
   compute challenges for (again assuming it knows which that is).
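
Points (a) and (c) above can be prototyped without changing the SSH protocol, by placing a filter between the client and the agent socket. What follows is an added example, my own code and not Peter's nor OpenSSH's ssh-agent: it listens on a new Unix socket, relays every agent message to the real agent named by SSH_AUTH_SOCK, logs each SSH_AGENTC_SIGN_REQUEST with the key's SHA256 fingerprint plus the username and service it parses out of the data to be signed, and answers SSH_AGENT_FAILURE once a key exceeds a rate. The message numbers and the length-prefixed framing are those of the OpenSSH agent protocol (draft-miller-ssh-agent); the layout of the signed data is the publickey authentication request from RFC 4252 section 7. That structure carries no host identity, which is exactly the caveat attached to point (d): the agent can see which username the signature is for, but not which server. The socket path, the policy of five signatures per key per minute and the sample messages are assumptions made for the example.

```python
"""Logging and rate-limiting filter in front of an SSH agent socket (added example)."""
import base64, hashlib, os, socket, struct, sys, threading, time

SSH_AGENTC_SIGN_REQUEST = 13  # client -> agent: sign this data with this key
SSH_AGENT_FAILURE = 5         # agent -> client: request refused

def ssh_string(b):
    """Encode an RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    """Decode an RFC 4251 'string' at offset off; returns (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise struct.error("string runs past end of buffer")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(key blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_sign_request(msg):
    """Return (key_blob, data, flags) for a well-formed sign request, else None."""
    try:
        if msg[0] != SSH_AGENTC_SIGN_REQUEST:
            return None
        key_blob, off = read_string(msg, 1)
        data, off = read_string(msg, off)
        return key_blob, data, struct.unpack_from(">I", msg, off)[0]
    except (struct.error, IndexError):
        return None

def parse_userauth_target(data):
    """Best-effort decode of what a client wants signed for publickey auth (RFC 4252
    s.7: string session_id, byte 50, string user, string service, string "publickey",
    ...). Returns (user, service) or None. No host identity is in here."""
    try:
        _session_id, off = read_string(data, 0)
        if data[off] != 50:  # SSH_MSG_USERAUTH_REQUEST
            return None
        user, off = read_string(data, off + 1)
        service, off = read_string(data, off)
        method, _ = read_string(data, off)
    except (struct.error, IndexError):
        return None
    if method != b"publickey":
        return None
    return user.decode("utf-8", "replace"), service.decode("utf-8", "replace")

class RateLimiter:
    """Allow at most max_requests signatures per key within any window_seconds."""
    def __init__(self, max_requests, window_seconds):
        self.max_requests, self.window, self.history = max_requests, window_seconds, {}
    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        recent = [t for t in self.history.get(key, []) if now - t < self.window]
        allowed = len(recent) < self.max_requests
        if allowed:
            recent.append(now)
        self.history[key] = recent
        return allowed

def recv_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)  # block until n bytes or EOF
    return buf if len(buf) == n else None

def recv_message(sock):
    hdr = recv_exact(sock, 4)  # agent messages are uint32 length + body
    return None if hdr is None else recv_exact(sock, struct.unpack(">I", hdr)[0])

def send_message(sock, msg):
    sock.sendall(struct.pack(">I", len(msg)) + msg)

def serve_client(client, upstream_path, limiter, log=print):
    """Relay one connection to the real agent; log and rate-limit sign requests."""
    upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    upstream.connect(upstream_path)
    with client, upstream:
        while (msg := recv_message(client)) is not None:
            req = parse_sign_request(msg)
            if req is not None:
                fp, target = key_fingerprint(req[0]), parse_userauth_target(req[1])
                if not limiter.allow(fp):
                    log(f"{time.ctime()} DENY key={fp} target={target} (rate limit)")
                    send_message(client, bytes([SSH_AGENT_FAILURE]))
                    continue
                log(f"{time.ctime()} SIGN key={fp} target={target}")
            send_message(upstream, msg)
            reply = recv_message(upstream)
            if reply is None:
                return
            send_message(client, reply)

if __name__ == "__main__":  # usage: agent_filter.py /tmp/filtered.sock (assumed path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sys.argv[1]); os.chmod(sys.argv[1], 0o600); srv.listen()  # owner-only socket
    policy = RateLimiter(5, 60)  # assumed policy: five signatures per key per minute
    while True:  # one thread per client connection; SSH_AUTH_SOCK names the real agent
        threading.Thread(target=serve_client, args=(srv.accept()[0], os.environ["SSH_AUTH_SOCK"], policy), daemon=True).start()
```

Start the real agent as usual, run this with SSH_AUTH_SOCK pointing at it and a new socket path as the argument, then point SSH_AUTH_SOCK at the new path before using ssh -A; every signature a remote host obtains through the forwarded agent then shows up in the log, and a burst of requests is refused with SSH_AGENT_FAILURE, which ssh reports as "agent refused operation". Point (d) needs more than a filter: OpenSSH 8.9 later added destination constraints (ssh-add -h), which extend the agent protocol so that the client tells the agent which host key it is authenticating to.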

From tyl@ssh.com  Sat Apr 20 11:21:52 2013
Return-Path: <tyl@ssh.com>
X-Original-To: sshmgmt@ietfa.amsl.com
Delivered-To: sshmgmt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03D4D21F8E96 for <sshmgmt@ietfa.amsl.com>; Sat, 20 Apr 2013 11:21:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.862
X-Spam-Level: *
X-Spam-Status: No, score=1.862 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AwBZWqSnXXgr for <sshmgmt@ietfa.amsl.com>; Sat, 20 Apr 2013 11:21:49 -0700 (PDT)
Received: from ip-194-137-52-209.ssh.com (ip-194-137-52-209.ssh.com [194.137.52.209]) by ietfa.amsl.com (Postfix) with ESMTP id E57CC21F8D61 for <sshmgmt@ietf.org>; Sat, 20 Apr 2013 11:21:47 -0700 (PDT)
Received: from [192.168.0.101] (mee2436d0.tmodns.net [208.54.36.238]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ip-194-137-52-209.ssh.com (Postfix) with ESMTPSA id 9840F780145; Sat, 20 Apr 2013 21:31:57 +0300 (EEST)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset=us-ascii
From: Tatu Ylonen <tyl@ssh.com>
In-Reply-To: <20130420122350.D670D80048@notatla.org.uk>
Date: Sat, 20 Apr 2013 21:21:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <A7512632-5544-47EE-88C1-C2D559E02700@ssh.com>
References: <20130420122350.D670D80048@notatla.org.uk>
To: <peter@notatla.org.uk> <peter@notatla.org.uk>
X-Mailer: Apple Mail (2.1283)
Cc: sshmgmt@ietf.org
Subject: Re: [Sshmgmt] Agent forwarding
X-BeenThere: sshmgmt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sshmgmt>
List-Post: <mailto:sshmgmt@ietf.org>
List-Help: <mailto:sshmgmt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sshmgmt>, <mailto:sshmgmt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2013 18:21:52 -0000

Almost all non-interactive use of SSH is without using an agent (though
I am aware of some cases where people load a key with a passphrase into
an agent in a script and use it through the agent).  Thus I see agent
forwarding primarily as an issue for interactive use.

I agree with Peter that limiting agent forwarding is kind of difficult
to deal with making the non-SSO usage more difficult.  I believe at
least OpenSSH disables agent forwarding by default, and my understanding
is that Tectia SSH has provided the ability to gain visibility to what
is done with the agent and restrict it for years (at least on Windows
platforms).

Overall, I see this as a user interface issue for clients, rather than a
protocol issue or even an issue to be addressed in the key management
draft (the main substance of the draft is around provisioning and
managing access to systems using SSH keys throughout the lifetime of
such access).

I could of course add some language about agent and the use case I
mentioned in the first paragraph in Section 2, but my preference would
be to keep Section 2 as short as possible, because the lead-in to the
real substance in Sections 3-7 is already a bit lengthy (but needed in
my opinion as many people are not so familiar with how authentication in
SSH actually works - I also considered moving some or all of Section 2
to an appendix but in the end decided to leave the material where it is
but try to keep it reasonably short).

Tatu


On Apr 20, 2013, at 3:23 PM, <peter@notatla.org.uk>
<peter@notatla.org.uk> wrote:

> Simon Josefsson writes:
>> Briefly, if a remote system has been compromised, and you connect to it
>> using 'ssh -A', the remote system can use your credentials to login to
>> other systems.  Normally there is no user feedback of what is going on
>> either.  I've seen uses of 'ForwardAgent yes' in people's .ssh/config
>> which is risky and IMHO a problem worthy of attention.
>
> This is a risk but it's difficult to deal with without removing the
> non-interactive SSO that the agent provides and is the reason people
> use it.
>
> Also from the man page: "Several identities can be stored in the agent;
> the agent can automatically use any of these identities."
>
> What I think could be done are:
>
> a) logging by the agent when it computes a challenge
>
>   The log to include the host public key which the
>   challenge proves correct and fresh.  I'm guessing that's
>   possible (even if it meant reworking the challenge)
>   but haven't studied it.  The aim is that when you are
>   blamed for a login you show in the agent log how it was
>   assisted by the agent during contact with some other
>   list of hosts - one of which is now suspected of using
>   the agent without user consent.
>
> b) real-time display by the agent when it computes a challenge
>
> c) limit the agent instance by number/rate of challenges
>
> d) limit the agent instance by which hosts/identities it will
>   compute challenges for (again assuming it knows which that is).
> _______________________________________________
> sshmgmt mailing list
> sshmgmt@ietf.org
> https://www.ietf.org/mailman/listinfo/sshmgmt

