On 2008-09-13, Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
> On 12.09.2008 at 23:19, Stuart Henderson wrote:
>
>> On 2008/09/12 13:59, Marti Martinez wrote:
>>> On Fri, Sep 12, 2008 at 1:16 PM, Stuart Henderson <[EMAIL PROTECTED]>
>>> wrote:
>>>
>>>>> Wait, how do you know someone is typing a password inside the
>>>>> session and not just writing a text file or typing arbitrary commands?
>>>>
>>>> e.g. when eve's machine that's hijacking the network packets picks
>>>> up an outgoing SSH connection.
>>>>
>>> man ssh-keygen
>>
>> Enter passphrase for key '/home/sthen/.ssh/id_rsa':
>
> 1.) That prompt's local!
> 2.) ssh-agent
> 3.) RTFM first.
Not always. You might connect to another machine and connect out again from there. Of course there are some times ssh-agent is reasonably safe and useful. There are other times it isn't. "RTFM first" - you mean the one which says "This method is easily abused by root or another instance of the same user"? There is also the case that in some jurisdictions you can be required to hand over encryption keys. Some people might prefer to use passwords instead of encrypted certificates when they connect to certain hosts.
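One way to avoid the exposure on the intermediate host discussed above, added here as an example and not part of the original thread (host names are constructed placeholders): with ProxyJump, available in OpenSSH 7.3 and later, the connection to the final host is carried inside the connection to the jump host, so neither a passphrase prompt nor a forwarded agent socket ever appears on the intermediate machine.

```sshconfig
# ~/.ssh/config (added example; host names are constructed placeholders)

# Weak pattern from the thread: log in to the intermediate box and ssh
# onward from there. Either the key passphrase is typed on a host whose
# root can capture it, or the agent is forwarded and its socket can be
# abused by root or another instance of the same user on that host.
Host hop-via-agent
    HostName intermediate.example.org
    ForwardAgent yes

# Hardened pattern: the SSH session to the final host is tunnelled
# through the session to the jump host. Key use and any passphrase
# prompt stay on the local machine; the jump host only relays encrypted
# traffic and never receives an agent socket.
Host internal
    HostName internal.example.org
    ProxyJump intermediate.example.org
    ForwardAgent no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_internal

# Equivalent one-off command line:
#   ssh -J intermediate.example.org -o ForwardAgent=no internal.example.org
```

The same applies when password authentication is used on the final host: the password is entered locally and the jump host sees only ciphertext, and the host keys of both machines are verified against the local known_hosts.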

