User: Password:
|
|
Subscribe / Log in / New account

SSH: passwords or keys?

SSH: passwords or keys?

Posted Jan 15, 2010 9:58 UTC (Fri) by marcH (subscriber, #57642)
In reply to: SSH: passwords or keys? by nix
Parent article: SSH: passwords or keys?

How could you notice this? (besides enabling verbose mode)


(Log in to post comments)

SSH: passwords or keys?

Posted Jan 16, 2010 12:32 UTC (Sat) by nix (subscriber, #2304) [Link]

System A had an agent running on it. I sshed to system B, which has a pile
of identities on it, and tried to use one of them to get to system C. No
can do, it insisted on using system A's key, which system C had never
heard of.

SSH: passwords or keys?

Posted Jan 16, 2010 15:20 UTC (Sat) by marcH (subscriber, #57642) [Link]

I am afraid I am lost here... how can system B talk to the agent running on system A!?

My experience with ssh-agent and multiple identities is quite different. The agent never "insists" but quickly gives up and eventually lets ssh use the "-i" key.

SSH: passwords or keys?

Posted Jan 17, 2010 13:34 UTC (Sun) by nix (subscriber, #2304) [Link]

Sorry, I missed a bit. System B can talk to system A's agent because agent
forwarding was turned on (I tend to have it on almost everywhere because
normally it's useful).

SSH: passwords or keys?

Posted Jan 17, 2010 18:08 UTC (Sun) by janfrode (subscriber, #244) [Link]

Then I hope you have complete trust in the admins and security of those boxes, as they can easily use your private keys (unless you have the agent prompt you to confirm every auth).

SSH: passwords or keys?

Posted Jan 17, 2010 22:59 UTC (Sun) by nix (subscriber, #2304) [Link]

Well, yes. I administer system A and system B in this scenario, and I
trust myself (but not system C, and agent forwarding is turned off for the
ssh to system C: but it insists on using the agent's keys anyway, even
though I specifically asked it to use a different one using -i.)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds