FAS and public Key auth
Jeremy Katz
katzj at redhat.com
Thu May 22 15:55:34 UTC 2008
On Thu, 2008-05-22 at 08:41 -0700, brett lentz wrote:
> On Thu, May 22, 2008 at 8:19 AM, Mike McGrath <mmcgrath at redhat.com> wrote:
> > On Thu, 22 May 2008, brett lentz wrote:
> >> The implications for ssh-agent are fairly simple. Your private key
> >> still never touches the wire or the remote systems. SSH-Agent forwards
> >> the auth challenges to the local system you're logging in from.
> >>
> >> Here's a great diagram of the process:
> >> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd
> >>
> >
> > I know your private key doesn't touch the wire or remote system. But the
> > agent creates a socket in /tmp/ssh-* and I'm worried someone with access
> > to that socket could auth to other machines as the user.
>
> Yes, that's a well-known risk. The only protections on that socket are
> filesystem-level permissions, which root can obviously bypass.
And the risk isn't increased by us allowing third-party groups to do
auth via FAS. This risk is present whenever any user logs in to another
machine with agent forwarding, which is requested by the user/client --
not the machine being logged into.
Jeremy
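The two facts the thread turns on are that the forwarded agent socket under /tmp/ssh-* is protected only by filesystem permissions (which root bypasses) and that forwarding is something the client asks for, not the server. The script below is an added example, not code from this thread, from FAS or from Fedora infrastructure; it audits those two things for the current session. It assumes a POSIX sh with ls, awk, grep and id, and that ssh-agent lays out the socket as /tmp/ssh-XXXXXX/agent.NNN with a 0700 directory, which is OpenSSH's default.

```shell
#!/bin/sh
# Added example, not code from the thread or from Fedora infrastructure.
# Audits what the thread discusses: the per-user agent socket that
# ssh-agent leaves under /tmp/ssh-XXXXXX (protected only by filesystem
# permissions) and whether the *client* configuration asks for agent
# forwarding at all. Assumes POSIX sh with ls, awk, grep and id.

# agent_socket_dir_ok DIR
# Returns 0 when DIR is a directory owned by the invoking user with mode
# 0700 (what ssh-agent creates), 1 otherwise. Uses ls rather than stat so
# it works on both GNU and BSD userlands; a trailing '.', '+' or '@' after
# the mode (SELinux/ACL/xattr markers) is tolerated.
agent_socket_dir_ok() {
    dir=$1
    [ -d "$dir" ] || return 1
    perms=$(ls -ld "$dir" | awk '{print $1}')
    owner=$(ls -ld "$dir" | awk '{print $3}')
    case $perms in
        drwx------*) ;;          # rwx for the owner only
        *) return 1 ;;
    esac
    [ "$owner" = "$(id -un)" ] || return 1
    return 0
}

# forwarding_requested FILE
# Returns 0 when an ssh_config-style FILE enables agent forwarding
# ("ForwardAgent yes") for any host block, 1 otherwise. Forwarding is a
# client-side request, so this is the setting to look at, not sshd's.
forwarding_requested() {
    grep -iqE '^[[:space:]]*ForwardAgent[[:space:]]+yes([[:space:]]|$)' "$1"
}

# audit_agent
# Reports on the agent socket of the current session, if any: the socket
# directory's permissions and the identities that anyone able to open the
# socket could authenticate with (ssh-add -l lists them without exposing
# key material), then checks the usual client config files for ForwardAgent.
audit_agent() {
    sock=${SSH_AUTH_SOCK:-}
    if [ -z "$sock" ]; then
        echo "no SSH_AUTH_SOCK in this session: no agent is reachable here"
        return 0
    fi
    echo "agent socket: $sock"
    if agent_socket_dir_ok "$(dirname "$sock")"; then
        echo "socket directory is owner-only (0700); root can still reach it"
    else
        echo "WARNING: socket directory is not owner-only 0700 or not yours"
    fi
    echo "identities usable through this socket:"
    ssh-add -l 2>/dev/null || echo "  (agent unreachable or no identities loaded)"
    for f in "$HOME/.ssh/config" /etc/ssh/ssh_config; do
        [ -f "$f" ] || continue
        if forwarding_requested "$f"; then
            echo "$f requests ForwardAgent yes for at least one host"
        fi
    done
}

audit_agent
```

Because the exposure exists only while an agent is forwarded, the controls live on the client side: `ForwardAgent no` in ssh_config (the OpenSSH default) with per-host exceptions, or `ssh -a` for a single session; `ProxyJump` reaches hosts through a bastion without forwarding the agent at all. A server can refuse forwarded agents with `AllowAgentForwarding no` in sshd_config, but as the thread notes that does not remove the risk on hosts where the user has chosen to forward.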
More information about the infrastructure mailing list