
An Illustrated Guide to SSH Agent Forwarding - adambyrtek
http://www.unixwiz.net/techtips/ssh-agent-forwarding.html
======
qjz
SSH agent forwarding is tremendously useful, but I'm glad the article points
out how trivial it is for the root user on a remote system to hijack a user's
agent and potentially connect to other systems. The moral of the story: Only
forward your agent to trusted systems.

~~~
jsn
Exactly. Actually, I haven't yet seen a scenario where ssh agent forwarding is
useful. It always increases the risks: the machine you're forwarding to may be
compromised, and in case it is, your private key is not private anymore. And
the attacker who gets your key gets instant access to _all_ other machines you
access with that key. How is it worth it? Why would anyone bet the [server]
farm on that when you can easily use "ssh -L" or something to forward your ssh
connections without exposing your key? Beats me.

~~~
Groxx
Why would _your_ private keys be lost? They're not transferred at any time.
That's kind of the _point_ of private keys in an asymmetrical encryption
scheme.

All the agent forwarding exposes you to is someone in the middle routing
requests _they_ generate to authenticate against _your_ computer, which is
automatically responded to by your using an agent. If you don't use an agent,
it'll ask for your password to use your private key.

edit: using a _second_ agent on the middle computer _without_ agent forwarding
exposes your private key, because the agent on that computer needs to be able
to respond to its outbound connections. Agent forwarding prevents this from
being necessary. It's specifically built to prevent what you described as the
danger.

~~~
jsn
Duh. Where exactly did you get the idea that your private key would be _lost_?
It's no longer private because the attacker can use your forwarded connection
"to authenticate using the identities loaded into the agent". It's right there
in the ssh man page.

Neither did I ever suggest using the second agent on the middle computer --
sure, it's obviously stupid.

> It's specifically built to prevent what you described as the danger.

You're wrong. See "man ssh", it's documented right there in the "-A" option
description.

~~~
Groxx
Because you mentioned:

> _your private key is not private anymore_

and:

> _the attacker who gets your key gets instant access to all other machines
> you access with that key._

Which is wrong. They _don't_ get your key. They get the ability to
authenticate _as_ you _while you are connected_, and nothing else.

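The practical takeaway of the exchange above (forward the agent only to hosts you trust, and prefer tunnelling through an intermediate host over forwarding the agent onto it) can be turned into a check against your own client config. The script below is an added example, not code from the linked article or from any commenter; the host names and both config files are constructed samples. It flags a ForwardAgent setting that applies to every host you connect to (a line before any Host block, or under a wildcard pattern such as `Host *`), since that is the configuration that makes the agent socket available to root on every server for the duration of the session. The hardened sample keeps `ForwardAgent no` as the default, enables it for one named host, and reaches a further hop through the bastion with OpenSSH's ProxyJump option, so the agent never has to be forwarded onto the bastion.

```shell
#!/bin/sh
# Added example, not from the article or the thread. Audits an ssh_config for
# agent forwarding that applies to every host: a ForwardAgent line before any
# Host block, or under a wildcard pattern such as "Host *". Such a setting makes
# the agent socket available on every server you log into, where root can use it
# to authenticate as you for as long as your session lasts.

# audit_agent_forwarding FILE
#   Prints each offending line as FILE:LINE: text and exits 1 if any were found,
#   0 otherwise. Keywords are matched case-insensitively, as ssh does.
#   Heuristic limits: "Match" blocks are only treated as global for "Match all",
#   and negated patterns ("!host") are not interpreted.
audit_agent_forwarding() {
    awk '
        # Drop comments and blank lines.
        { sub(/#.*/, ""); if (NF == 0) next }

        # A Host line starts a new block; remember whether any of its patterns
        # contains a wildcard character.
        tolower($1) == "host" {
            seen_block = 1; wildcard = 0
            for (i = 2; i <= NF; i++) if ($i ~ /[*?]/) wildcard = 1
            next
        }
        # A Match block is global only when its criterion is "all".
        tolower($1) == "match" {
            seen_block = 1; wildcard = (tolower($2) == "all")
            next
        }

        # ForwardAgent with any value other than "no" enables forwarding
        # (newer OpenSSH also accepts a socket path or environment variable).
        tolower($1) == "forwardagent" && tolower($2) != "no" {
            if (!seen_block || wildcard) {
                found++
                print FILENAME ":" FNR ": " $0
            }
        }

        END { exit (found > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed sample configs (the host names are not real systems).
WEAK_CONFIG=$(mktemp)
HARDENED_CONFIG=$(mktemp)
trap 'rm -f "$WEAK_CONFIG" "$HARDENED_CONFIG"' EXIT

cat > "$WEAK_CONFIG" <<'EOF'
# Forwards the agent to every host, including ones not listed here.
ForwardAgent yes
Host bastion
    HostName bastion.example.test
EOF

cat > "$HARDENED_CONFIG" <<'EOF'
# Default off; enabled only for one named, trusted host. The second hop is
# reached through the bastion with ProxyJump, so the agent never needs to be
# forwarded onto the bastion at all.
Host *
    ForwardAgent no
Host trusted-build
    HostName build.example.test
    ForwardAgent yes
Host internal-db
    HostName db.internal.example.test
    ProxyJump bastion
EOF

for cfg in "$WEAK_CONFIG" "$HARDENED_CONFIG"; do
    if audit_agent_forwarding "$cfg"; then
        echo "$cfg: no blanket agent forwarding"
    else
        echo "$cfg: agent forwarded to every host (see lines above)"
    fi
done
```

Run it against `~/.ssh/config` to see which of your own hosts receive the agent. The same idea also applies on the command line: `ssh -A` on a one-off connection is the ad hoc equivalent of a `ForwardAgent yes` entry for that host.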
------
kanwisher
I personally would like to see more informative articles like this on basics;
it's been really fun, like seeing articles on netcat. You always pick up little
juicy details.

------
CUViper
Cygwin users may want to check out ssh-pageant or charade to access ssh keys
from PuTTY's Pageant storage.

<http://github.com/cuviper/ssh-pageant>

<http://github.com/wesleyd/charade>

Disclaimer: I am the author of ssh-pageant. I found charade just recently and
noticed that it takes a very similar approach.

