Best Practices for Securing SSH

[rgun]

Can you please elaborate on why preventing ssh agent is good?

[tptacek]

Forwarding your agent exposes your authentication secrets to the machines you're connecting to.

[tedunangst]

A bit late, but I feel it's important to clarify it exposes something like "authentication capability" not the actual secrets. It's temporally bounded.

[tptacek]

Yeah, I had the same itchy thought when I wrote this; I decided to keep it simple.