LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

agent = acts on behalf of

agent = acts on behalf of

Posted Jan 14, 2010 11:24 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: SSH: passwords or keys? by alkbyby
Parent article: SSH: passwords or keys?

You phrasing is unclear, which might be because you didn't know the specifics.

In any case: other programs in the session only get "access" to the key in the sense that the agent is willing to act for them and the agent has the key. They cannot, for example, make a copy of the key itself and send it somewhere.

The agent will help them answer challenges so that they can log into a remote server, but these challenges are only valid for a limited time, so you can't save one to use later.

This works out roughly equivalent to these programs running 'ssh' themselves, which of course is exactly what your shell (also in the session) does when you type ssh.

It would be nice to forbid programs with a large and exposed attack surface (not just the web browser, a PDF viewer is a good candidate, and perhaps email clients) from a wide variety of activities, but that's a bigger topic than SSH is able to address.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds