On Mon, 2009-01-05 at 16:58 -0600, Boyd Stephen Smith Jr. wrote:
> On Monday 2009 January 05 16:31:35 Richard Hector wrote:
> > Or can you just forward your existing agent when you connect (ssh -A),
> > then run ssh-add on the remote machine (the one with the private key on
> > it)?
>
> Don't do this unless you trust root on the *remote* machine. While the
> forwarding is in effect and the identity is unlocked, *remote* root can
> connect to the forwarded agent socket and, while they cannot read your key
> directly, they can authenticate as you.

Hmm. I think I did know this, on some level - but thanks for bringing it back to the foreground :-)

Richard
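
An added example, not part of the original thread: a static check that lists which blocks of an ssh client config turn agent forwarding on, so it can be limited to hosts whose root is trusted. The function names and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Read an ssh client config on stdin and print "block<TAB>value" for every
# ForwardAgent setting that is not "no". Anything else (yes, a socket path,
# an environment variable name) enables forwarding.
forwarding_blocks() {
    awk '
        BEGIN { block = "(global)" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # strip leading whitespace
            if (line == "" || line ~ /^#/) next   # skip blanks and comments
            # keyword and argument are separated by whitespace or "="
            if (!match(line, /[ \t]*[= \t][ \t]*/)) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host" || key == "match") { block = key " " val; next }
            if (key == "forwardagent" && tolower(val) != "no")
                print block "\t" val
        }
    '
}

# Constructed sample config; the hostnames are placeholders.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real configuration
Host bastion.example.org
    ForwardAgent yes

Host *.internal.example.org
    forwardagent=no

Host *
    ForwardAgent = yes
EOF
}

# Prints the bastion block and the catch-all "Host *" block.
sample_config | forwarding_blocks
```

Run it against a real file with `forwarding_blocks < ~/.ssh/config`. It reports settings per block and does not resolve which block wins for a given host; `ssh -G <host>` prints the effective `forwardagent` value.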