bugzilla-daemon at mindrot.org
2015-Aug-04 21:12 UTC
[Bug 2438] New: Warn about using ForwardAgent with all hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2438
Bug ID: 2438
Summary: Warn about using ForwardAgent with all hosts
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: josh at joshtriplett.org
Just as OpenSSH warns if you have insecure permissions on your keys,
I'd suggest that OpenSSH should warn if you have an insecure setting of
ForwardAgent: if you have a global "yes" or a Host * "yes",
OpenSSH
could warn and suggest a more host-specific setting.
For an example of how widespread this unsafe setting is:
https://github.com/search?utf8=%E2%9C%93&q=ForwardAgent&type=Code&ref=searchresults
--
You are receiving this mail because:
You are watching the assignee of the bug.
Apparently Analagous Threads
- Patch to add "warn" value to ForwardX11 and ForwardAgent
- [Bug 3555] New: ForwardAgent doesn't work under Match canonical
- Unintended key info disclosure via ForwardAgent?
- [Bug 1499] New: Add "ForwardAgent ask" to ssh_config
- ability to select which identity to forward when using "ForwardAgent" ?
Wisdom of the Ancients
