openssh-unix-dev October 2011 archive

ssh-agent use in different security domains

From: Saku Ytti <saku_at_nospam>
Date: Tue Oct 25 2011 - 07:57:18 GMT
To: openssh-unix-dev@mindrot.org

Consider this topology

         domain1-server1      domain2-server2
                |                    |
laptop - domain1-server1 ---- domain2-server1

Laptop has two ssh identities, domain1 and domain2.

I don't wish to store identity locally in any of the servers. As far
as I understand, there isn't any way to limit ssh-agent to allow only
signing domain2 servers with domain2 identity? So Evil Admin of
domain2 could potentially ssh using my domain1 identity to domain1
server?

But need this be so? Couldn't we have something like

cat >> .ssh/config
host *.domain1.*
  Identity permit domain1-key
  Identity deny all

host *.domain2.*
  Identity permit domain2-key
  Identity deny all
^D

Or maybe ssh-agent itself could prompt user: 'domain2-server2 wants me
to sign with identity domain1-key, allow? yes/no, [ ] always?'.

Or is this problem already solved somehow?
-- 
  ++ytti

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
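The per-host identity restriction sketched above already exists in stock ssh_config, and the "Evil Admin" risk comes from agent forwarding rather than from the agent itself. The configuration below is an added example written for this page, not something from the original post or from OpenSSH's own documentation; the hostnames (*.domain1.example, *.domain2.example, domain1-server1.domain1.example) and key file names (id_domain1, id_domain2) are assumptions standing in for the poster's two domains.

```sshconfig
# ~/.ssh/config  (added example; hostnames and key names are placeholders)

# domain1 hosts: offer only the domain1 key. IdentitiesOnly stops ssh from
# also trying every other key loaded in the agent against these servers.
# ForwardAgent no means no agent socket ever appears on the remote side,
# so nobody there can sign with either key.
Host *.domain1.example
    IdentityFile ~/.ssh/id_domain1
    IdentitiesOnly yes
    ForwardAgent no

# domain2 hosts: offer only the domain2 key. Reach them through
# domain1-server1 with ProxyJump instead of forwarding the agent into
# domain1-server1: the jump hop only relays the TCP connection, and the
# domain2 signature is produced on the laptop, never on domain1-server1.
Host *.domain2.example
    IdentityFile ~/.ssh/id_domain2
    IdentitiesOnly yes
    ForwardAgent no
    ProxyJump domain1-server1.domain1.example
```

Two caveats. IdentitiesOnly only constrains what the local ssh client offers; a forwarded agent (ForwardAgent yes) hands the remote host a socket through which root there can request signatures with any loaded key, regardless of ssh_config, which is exactly the scenario the post worries about. Second, the prompt the post asks for is available as a per-key flag: loading a key with `ssh-add -c` makes the agent ask for confirmation (via SSH_ASKPASS) before every signature. Newer OpenSSH releases (8.9 and later) additionally accept `ssh-add -h hostname` to restrict a key to named destinations; the agent enforces that constraint against the destination's host key, so those hosts must already be present in known_hosts.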