gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Simons <m...@leosimons.com>
Subject Disable agent forwarding for brutus please!
Date Sun, 20 Mar 2005 04:57:52 GMT
Hi everyone,

Manoj has just explained to me that if brutus were compromised, and you were
to log in using ssh agent forwarding, people would be able to get at /all/
of your /private/ ssh keys that are in the agent. This means that you should
not under any circumstances use agent forwarding with brutus. The way to
make sure of this under unix is to add these lines to the end of your
~/.ssh/config:

Host brutus.apache.org
ForwardAgent no

Just to be clear, this should be disabled by default, so it shouldn't be an
issue for most of us. Agent forwarding is where you have an intermediate
machine between the machine containing your private key and brutus.


Cheers,


Leo



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@gump.apache.org
For additional commands, e-mail: general-help@gump.apache.org


Mime
View raw message