2438 – Warn about using ForwardAgent with all hosts

Bug 2438 - Warn about using ForwardAgent with all hosts

Summary: Warn about using ForwardAgent with all hosts

Status:	NEW

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	6.9p1
Hardware:	Other All

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-05 07:12 AEST by Josh Triplett
Modified:	2015-08-05 07:12 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Josh Triplett 2015-08-05 07:12:28 AEST

Just as OpenSSH warns if you have insecure permissions on your keys, I'd suggest that OpenSSH should warn if you have an insecure setting of ForwardAgent: if you have a global "yes" or a Host * "yes", OpenSSH could warn and suggest a more host-specific setting.

For an example of how widespread this unsafe setting is:

https://github.com/search?utf8=%E2%9C%93&q=ForwardAgent&type=Code&ref=searchresults