Matthew Garrett on Nostr: I'm sure this is general knowledge but anyway: never enable SSH agent forwarding by ...
I'm sure this is general knowledge but anyway: never enable SSH agent forwarding by default if you log into any systems that you don't trust 100%. It gives whoever has root on that system the ability to log into anything else your SSH agent can connect to. Either explicitly pass -A or add host entries to ~/.ssh/ssh_config to enable it for the scenarios you need it.
Published at 2024-05-02 08:46:37
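A small audit for the advice above, as an added example that is not part of the original post: it lists every `Host` or `Match` block in an OpenSSH client config that turns `ForwardAgent` on and marks the blocks that act as a default. The sample config, its host names and the function names are constructed for illustration.

```python
# Constructed sample config; host names are placeholders.
SAMPLE_CONFIG = """\
# constructed sample
Host bastion.example.com
    ForwardAgent yes

Host *.lab.example.net build?
    ForwardAgent=yes

Host git.example.org
    ForwardAgent no

Host *
    User alice
    ForwardAgent yes
"""

def classify(scope):
    """Rate how widely a block applies: default-on is the case to avoid."""
    if "*" in scope or scope == ["match all"]:
        return "default-on"
    if scope[0].startswith("match "):
        return "conditional"
    if any(ch in pattern for pattern in scope for ch in "*?"):
        return "wildcard"
    return "explicit"

def audit_forward_agent(config_text):
    """Return [(scope, rating)] for each block that enables agent forwarding."""
    findings = []
    scope = ["*"]  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "host":
            scope = value.split()
        elif keyword == "match":
            scope = ["match " + value.lower()]
        elif keyword == "forwardagent" and value.lower() != "no":
            # any value other than "no" (yes, a socket path, $VAR) forwards an agent
            findings.append((" ".join(scope), classify(scope)))
    return findings

if __name__ == "__main__":
    for scope, rating in audit_forward_agent(SAMPLE_CONFIG):
        print(f"{rating:11} {scope}")
```

The audit reports every block that enables forwarding and does not resolve which value wins for a given host; `ssh -G <host>` prints the effective settings for one host.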