Security Issues
ssh-agent creates a socket and then checks the connections from ssh. Everyone who is able to connect to this socket also has access to the ssh-agent. The permissions are set as in a usual Linux or Unix system. When the agent starts, it creates a new directory in /tmp with restrictive permissions. The socket is located in that directory.
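The property described above can be checked from the defender's side. The following is an added example, not part of the original page: it verifies that an agent socket is a Unix socket owned by the current user and sits in a directory with no group or other access. The names audit_agent_socket and make_demo_socket are hypothetical, and the demo socket is constructed for illustration; SSH_AUTH_SOCK is the environment variable in which the agent publishes its socket path.

```python
import os
import socket
import stat
import tempfile


def audit_agent_socket(sock_path, uid=None):
    """Return a list of findings for an agent socket path; empty means OK."""
    uid = os.getuid() if uid is None else uid
    try:
        sock_st = os.lstat(sock_path)  # lstat: do not follow symlinks
        dir_st = os.lstat(os.path.dirname(sock_path) or ".")
    except OSError as exc:
        return [f"cannot stat path: {exc.strerror}"]
    findings = []
    if not stat.S_ISSOCK(sock_st.st_mode):
        findings.append("path is not a Unix socket")
    if sock_st.st_uid != uid:
        findings.append(f"socket owned by uid {sock_st.st_uid}, expected {uid}")
    if not stat.S_ISDIR(dir_st.st_mode):
        findings.append("parent is not a real directory")
    if dir_st.st_uid != uid:
        findings.append(f"directory owned by uid {dir_st.st_uid}, expected {uid}")
    if dir_st.st_mode & 0o077:
        mode = stat.S_IMODE(dir_st.st_mode)
        findings.append(f"directory mode {mode:o} grants group/other access")
    return findings


def make_demo_socket():
    """Constructed stand-in for an agent socket: 0700 temp dir + bound socket."""
    directory = tempfile.mkdtemp(prefix="ssh-demo-")  # mkdtemp creates mode 0700
    path = os.path.join(directory, "agent.sock")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    return directory, path, sock


if __name__ == "__main__":
    # Audit the real agent socket if one is advertised, else the constructed demo.
    target = os.environ.get("SSH_AUTH_SOCK")
    if target is None:
        _, target, _keep_open = make_demo_socket()
    for line in audit_agent_socket(target) or ["OK: socket and directory are private"]:
        print(f"{target}: {line}")
```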
It is possible to try to prevent malware from using the ssh-agent socket. If the -c option of ssh-add is set when the keys are imported into the ssh-agent, then the agent requests a confirmation from the user, using the program specified by the SSH_ASKPASS environment variable, whenever ssh tries to connect.
On the local system, it is important that the root user is trustworthy, because the root user can, amongst other things, just read the key file directly. On the remote system, if the ssh-agent connection is forwarded, it is also important that the root user is trustworthy, because they can access the agent socket (though not the key).