Heh. It's funny now, looking back on it, but I experienced several minutes of panic this morning as I connected to a remote system via SSH and discovered that I was unexpectedly able to connect back to the originating system at will without mentioning any password. It was definitely a WTF moment since my ~/.ssh directory on the remote system has basically nothing in it, certainly no SSH keys. I was obliged to wonder if the SSH server on the originating system had somehow been compromised such that it no longer demanded keys for inbound connections, but I now understand better what is really going on:
- The originating system is rigged such that SSH connections to localhost work without passwords because ~/.ssh/id_dsa.pub is mentioned in ~/.ssh/authorized_keys.
- SSH on the remote system is rigged by default to forward SSH authentication agent traffic.
- My SSH client config on the originating system is rigged to permit authentication agent forwarding.

...so once I'd authenticated to the remote system via password, all the plumbing was in place for the originating system to pass my key to the remote system, which passed it back to the originating system, where it was found in the authorized_keys file and used to authenticate me.

I note that the SSH man page warns: "Agent forwarding should be enabled with caution"

Uh-huh...

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
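
One way to check a machine for the three conditions listed in the post, as an added example that is not part of the original message. The function names are hypothetical, `remote-host` is a placeholder, the key material is constructed sample data, and the script assumes the lowercase keyword dumps printed by `ssh -G` and `sshd -T`.

```shell
#!/bin/sh
# Added example: audit the three conditions that combine into a
# password-less login back to the originating host.

# Condition 1: print every public key file in an .ssh directory whose key
# blob also appears in that directory's authorized_keys.
self_authorized_keys() {
    dir=$1
    [ -f "$dir/authorized_keys" ] || return 0
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        blob=$(awk 'NR==1 {print $2}' "$pub")
        [ -n "$blob" ] || continue
        # authorized_keys lines may start with options, so compare the blob
        # against every field instead of a fixed column.
        if awk -v b="$blob" \
            '!/^#/ {for (i = 1; i <= NF; i++) if ($i == b) f = 1} END {exit !f}' \
            "$dir/authorized_keys"; then
            printf '%s\n' "$pub"
        fi
    done
    return 0
}

# Conditions 2 and 3: read an `ssh -G <host>` or `sshd -T` dump on stdin and
# succeed if the given keyword is set to anything other than "no".
setting_enabled() {
    awk -v k="$1" '$1 == k && $2 != "no" {on = 1} END {exit !on}'
}

# Real use (sshd -T usually needs root):
#   self_authorized_keys ~/.ssh
#   ssh -G remote-host | setting_enabled forwardagent && echo "client forwards agent"
#   sshd -T | setting_enabled allowagentforwarding && echo "server allows forwarding"

# Demo on constructed data so the script runs offline.
demo() {
    d=$(mktemp -d)
    echo 'ssh-dss AAAAB3CONSTRUCTEDBLOB user@origin' > "$d/id_dsa.pub"
    echo 'ssh-dss AAAAB3CONSTRUCTEDBLOB user@origin' > "$d/authorized_keys"
    self_authorized_keys "$d"
    printf 'forwardagent yes\n' | setting_enabled forwardagent \
        && echo "client config forwards the agent"
    printf 'allowagentforwarding yes\n' | setting_enabled allowagentforwarding \
        && echo "server permits agent forwarding"
    rm -rf "$d"
}
demo
```

Turning off any one of the three (removing the key from authorized_keys, `ForwardAgent no` on the client, or `AllowAgentForwarding no` on the server) breaks the loop described in the post.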