aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Weingärtner <timo@tiwe.de>2013-06-20 18:59:41 +0200
committerTimo Weingärtner <timo@tiwe.de>2013-06-20 18:59:41 +0200
commitd177c0fc8d08da5af909ce810696541c6ac23750 (patch)
treea4fa1a5e065a3f96f98af88809c0906d37dfc042
parent3db5e4a6aa2e85492638438dac5719ce633ad6f5 (diff)
downloadssh-agent-filter-d177c0fc8d08da5af909ce810696541c6ac23750.tar.gz
add README
-rw-r--r--README48
1 files changed, 48 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..9814650
--- /dev/null
+++ b/README
@@ -0,0 +1,48 @@
+ssh-agent-filter
+================
+
+
+the problem we want to solve
+----------------------------
+
+ssh(1) describes the problem:
+> Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.
+
+
+our solution
+------------
+
+1. create one key(pair) for each realm you connect to
+2. load keys into your ssh-agent as usual
+3. use ssh-agent-filter to allow only the key(s) you need
+
+afssh (agent filtered ssh) can wrap ssh-agent-filter and ssh for you:
+ $ afssh -c id_example -- example.com
+starts an `ssh-agent-filter -c id_example`, runs `ssh -A example.com` and kills the ssh-agent-filter afterwards.
+If you leave out the options before the `--`:
+ $ afssh -- example.com
+it will ask you via whiptail or dialog which keys you want to have forwarded.
+
+
+how it works
+------------
+
+ssh-agent-filter provides a socket interface identical to that of a normal ssh-agent.
+We don't keep private key material, but delegate requests to the upstream ssh-agent after checking if the key is allowed.
+
+The following requests are implemented:
+* SSH2_AGENTC_REQUEST_IDENTITIES:
+ * asks for a list of SSH 2 keys
+ * the upstream ssh-agent is asked for that list and the result is filtered
+* SSH2_AGENTC_SIGN_REQUEST:
+ * asks for a signature on some data to be made with a key
+ * if the key is allowed the request is forwarded to the upstream ssh-agent and the result returned
+ * else failure is returned
+* SSH_AGENTC_REQUEST_RSA_IDENTITIES:
+ * asks for a list of SSH 1 keys
+ * an empty list is returned
+* SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
+ * asks for removal of all SSH 1 keys
+ * success is returned without doing anything
+
+Requests to add or remove keys and to (un)lock the agent are refused