

Sharing your private SSH key(s) with people without revealing your secrets - ewindisch
https://github.com/ewindisch/reverse-ssh-agent

======
dodedo
This project seems to be a poor-quality re-implementation of openssh's agent
forwarding by someone who doesn't fully understand ssh's key mechanisms. In
fact, it's a good deal less secure than `ssh -A`, as it exposes the agent
proxy both in a unix domain socket AND in a tcp socket bound to localhost --
the latter of which is accessible by any local user.

The README uses very vague language, but my guess is that the author does not
understand the difference between agent forwarding with `ssh -A` and copying
private keys and starting a new ssh-agent.

~~~
ewindisch
This is a largely quick hack and Proof-of-Concept done in less than 30
minutes. Ideally, it would be implemented entirely with Unix sockets and it
could be implemented this way, but I had trouble getting socat to do this.
More work with socat or writing some Python would be a reasonable long-term
solution.

This does the _opposite_ of 'ssh -A'. With 'ssh -A', a local agent is
forwarded to an untrusted remote host. The agent lives on the client and the
remote server can use your local keys for authorization.

This script allows you to connect your local SSH clients to a remote agent.
The remote agent may be managed by another user. The use case is when you
intentionally _want_ to do this, allowing other users to authorize themselves
with your key, without directly revealing the secret.

This is quite simply, a way to have a (somewhat) secure shared-secret with
SSH. It is not a way to use your own secret, private key with an ssh client
living on a remote host.

The only way that 'ssh -A' can replicate this functionality is if another user
on the remote system connected to your (forwarded) socket and did an ssh-add.
That is a reasonable alternative, but it would be difficult to automate that
process in a secure way.

The README has been updated to note the danger of using TCP here.

~~~
ewindisch
Perhaps for more clarity, this _almost_ does the same thing as doing:

ssh -R22:localhost:9022 user@rhost -- ssh -A $USER@localhost -p 9022

In this case, for this to have feature-parity, another user on the remote
system would have to access your socket and do an 'ssh-add' with one of their
prive keys.

The differences here being that:

* rssh-agent daemonizes and gives the same output as 'ssh-agent'.

* a single SSH connection is established, not two.

It is again important to note that this allows you to _use_ but private keys
without filesystem access to those keys.

------
etherealG
would anyone mind explaining how this works? I'm confused as to how this would
help.

