SSH generic socket forwarding for gpg-agent

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Feb 16 08:41:06 CET 2015


On Sun 2015-02-15 16:06:05 -0500, NdK wrote:
> Il 13/02/2015 23:23, Daniel Kahn Gillmor ha scritto:
>
>> The traditional argument against this sort of feature is that someone
>> with control over your local socket would most likely have control over
>> your graphical environment, and therefore could dismiss or hide any
>> prompt that comes up (so the prompting is a false sense of security).
> Who told, not so long ago, that if the attacker have control of the
> machine you're using you've already lost?
> The machine from where one is originating the ssh connection have to be
> quite trusted. Else you need a smartcard with out-of-band authorization
> for every operation.

Yes, of course.  But the remote machine you're connecting *to* (and
forwarding your agent to) is outside of that trust boundary.

In situations where you want to make sure that you know (and approve of)
the use of the agent by the remote machine, you'd like a prompt to
appear within your (local, trusted) environment.

       --dkg



More information about the Gnupg-users mailing list