On Thu May 22 2008, Mike McGrath wrote:
> You think mitm is fairly low but is it really? Let's say, for example, you
> forward your ssh agent to this remote host. What are the implications
> there?

When someone forwards the ssh agent to a machine, the root user of this
machine can access it and use it to authenticate to other machines. AFAIK,
the only way to prevent this is to use "ssh-add -c" when adding the keys to
the agent, which makes the agent ask the user for permission every time the
key should be used for authentication.

But this is a problem that exists even when the FAS is not used by third
parties, because a user can still forward his ssh-agent.

Regards,
Till
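
The check below is an added example, not part of the original thread: it lists which blocks of an ssh_config enable the agent forwarding discussed above, so those hosts can be reviewed or their keys loaded with "ssh-add -c". The function names, host names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ssh_config blocks that turn agent forwarding on.
# Any ForwardAgent value other than "no" (yes, a socket path, or $VAR)
# exposes the agent to root on the remote host.

# Reads ssh_config text on stdin. Prints the "Host ..."/"Match ..." line of
# every block that enables ForwardAgent, or "(global)" for a setting that
# appears before the first block.
forwarding_hosts() {
    awk '
        BEGIN { block = "(global)" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            # ssh_config accepts "Keyword value" and "Keyword=value"
            if (match(line, /^[A-Za-z]+[ \t]*=[ \t]*/)) {
                kw = substr(line, 1, RLENGTH)
                sub(/[ \t]*=[ \t]*$/, "", kw)
                line = kw " " substr(line, RLENGTH + 1)
            }
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])            # keywords are case-insensitive
            if (key == "host" || key == "match") { block = line; next }
            if (key == "forwardagent" && n >= 2 && tolower(f[2]) != "no")
                print block
        }
    '
}

# Constructed sample configuration (hypothetical hosts).
sample_config() {
    cat <<'EOF'
# constructed sample, not from the thread
Host build.example.org
    ForwardAgent yes
Host git.example.org
    ForwardAgent no
Host *
    forwardagent=yes
EOF
}

# Prints: "Host build.example.org" and "Host *"
sample_config | forwarding_hosts
```

To audit a real configuration, feed it on stdin, for example `forwarding_hosts < ~/.ssh/config`.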