On Thu, Feb 24, 2000 at 05:31:35PM -0500, Brian Caswell wrote:
> The only thing that is required for the client system to be compromised
> is for the client to remotely log via ssh (with X11 forwarding enabled)
> into a compromised server.
And of course the sshd binary can be trojaned, your agent connections can
be hijacked, passwords logged, etc.
So Add ForwardAgent no to that host * stanza, only log in with an RSA
identity, and run ssh -v to see if anything weird happens.
The SSH protocol trusts the server. If you don't, tread very carefully.
--
David Terrell | "Any sufficiently advanced technology
Prime Minister, Nebcorp | is indistinguishable from a rigged demo."
[EMAIL PROTECTED] | - Brian Swetland
http://wwn.nebcorp.com/
