New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pageant support for key confirmation #55

Closed
MacGyverNL opened this Issue Oct 14, 2012 · 1 comment

Comments

2 participants
@MacGyverNL

MacGyverNL commented Oct 14, 2012

Like OpenSSH's ssh-add -c option:

"Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by the SSH_ASKPASS program mentioned below. Successful confirmation is signaled by a zero exit status from the SSH_ASKPASS program, rather than text entered into the requester."

Basically, whenever a process requests authentication from pageant for an identity marked as "confirm", it should prompt the user to allow / deny the authentication before proceeding. This is mostly relevant in a setting where agent forwarding is being used, since anyone on the remote machine with access to the agent socket can potentially access unlocked identities. Enabling confirmation prompts mitigates this risk significantly, since the user can deny any unexpected requests (and will be alerted to suspicious activity at the same time).

Note that the user does not have to enter his passphrase if the identity is still unlocked, he simply has to confirm that the authentication is allowed to take place.

This is, in my opinion, an important feature to have in an agent program, the absence of which is limiting my use of pageant significantly (i.e. I'm removing keys from pageant all the time, only adding them right before I need them and removing them immediately after).

@FauxFaux

This comment has been minimized.

Show comment
Hide comment
@FauxFaux

FauxFaux Aug 11, 2013

Owner

There's a dumb, global (but secure) version of this in p0.63-t017. I would like it to be better. This will probably require pagaent protocol additions. Would anyone like to raise a ticket with a proposal?

Owner

FauxFaux commented Aug 11, 2013

There's a dumb, global (but secure) version of this in p0.63-t017. I would like it to be better. This will probably require pagaent protocol additions. Would anyone like to raise a ticket with a proposal?

@FauxFaux FauxFaux closed this Aug 11, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment