douglas.manton at uk.ibm.com
2001-Jun-01 14:10 UTC
Disabling Password-based auth? (was RE: recent breakins)
> There is no effective
> way for any authentication information from the first
> session to be passed to the second, in my mind.

SSH agent forwarding allows authentication challenges to be securely forwarded back to your local machine. The intermediary client acts as a proxy and does not benefit from watching the authentication challenge/response pass by. Of course, it does then have access to the remote machine for that session. The trojan SSH client could always take this opportunity to add another public key to allow 3rd party access...

--------------------------------------------------------
Doug Manton, AT&T EMEA Commercial Security Solutions
E: demanton at att.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"
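An added example, not part of the original message: one way to notice the extra public key the post warns about is to compare the fingerprints in an account's authorized_keys file against a baseline recorded out of band. The baseline set, the key blobs and the sample file content below are constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line):
    """Split one line into (options, blob, comment); None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if not line.startswith(KEY_TYPES):
        # Options field ends at the first whitespace outside double quotes.
        in_quotes, i = False, 0
        while i < len(line) and (in_quotes or not line[i].isspace()):
            if line[i] == "\\" and in_quotes:
                i += 1  # skip the escaped character inside a quoted value
            elif line[i] == '"':
                in_quotes = not in_quotes
            i += 1
        options, line = line[:i], line[i:].lstrip()
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed authorized_keys entry")
    return options, parts[1], parts[2] if len(parts) > 2 else ""

def unexpected_keys(text, baseline):
    """Return (fingerprint, comment, options) for every key not in baseline."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return [(fingerprint(blob), comment, options)
            for options, blob, comment in entries
            if fingerprint(blob) not in baseline]

def sample_key(seed):
    # Constructed blob in ssh-ed25519 wire layout; not a real key.
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    blob = len(name).to_bytes(4, "big") + name + len(key).to_bytes(4, "big") + key
    return base64.b64encode(blob).decode()

KNOWN, ADDED = sample_key(1), sample_key(2)
BASELINE = {fingerprint(KNOWN)}  # assumed to be recorded out of band
SAMPLE = (f"ssh-ed25519 {KNOWN} admin@workstation\n"  # constructed file content
          f'command="echo \\"hi\\"",no-pty ssh-ed25519 {ADDED} unknown\n')
```

`unexpected_keys(SAMPLE, BASELINE)` returns only the second entry, with its fingerprint, comment and options, so the result can be fed straight into an alert.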