openssh-unix-dev October 2011 archive
Main Archive Page > Month Archives  > openssh-unix-dev archives
openssh-unix-dev: Re: ssh-agent use in different security domain

Re: ssh-agent use in different security domains

From: Damien Miller <djm_at_nospam>
Date: Thu Oct 27 2011 - 00:08:10 GMT
To: "openssh-unix-dev@mindrot.org" <openssh-unix-dev@mindrot.org>

On Wed, 26 Oct 2011, Daniel Kahn Gillmor wrote:

> On 10/26/2011 03:15 PM, Saku Ytti wrote:
> > If there is usage scenario for ForwardAgent, there is usage scenario for
> > ForwardAgent in multiple security domains.
>
> I suppose i'm arguing right now that the only legitimate usage scenario
> for ForwardAgent is when the user doesn't understand how to use
> ProxyCommand for a jumphost.
>
> I'd rather streamline the jumphost case than add extra cruft that might
> encourage users to forward their agent.
>
> If someone can propose a legitimate situation where agent forwarding is
> needed, i'd like to hear about it.

Yeah, agent forwarding predates stdio forwarding by more than a decade.
I don't have time to write it, but a good explanation and HOWTO seems in
order.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev