Pageant support for key confirmation #55
Comments
FauxFaux added a commit that referenced this issue on Apr 29, 2013
FauxFaux added a commit that referenced this issue on Jun 1, 2013
FauxFaux added a commit that referenced this issue on Jul 13, 2013
FauxFaux added a commit that referenced this issue on Jul 14, 2013
FauxFaux added a commit that referenced this issue on Aug 6, 2013
FauxFaux added a commit that referenced this issue on Aug 7, 2013
FauxFaux added a commit that referenced this issue on Aug 11, 2013
There's a dumb, global (but secure) version of this in p0.63-t017. I would like it to be better. This will probably require Pageant protocol additions. Would anyone like to raise a ticket with a proposal?
Like OpenSSH's ssh-add -c option:
"Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by the SSH_ASKPASS program mentioned below. Successful confirmation is signaled by a zero exit status from the SSH_ASKPASS program, rather than text entered into the requester."
Basically, whenever a process requests authentication from pageant for an identity marked as "confirm", it should prompt the user to allow / deny the authentication before proceeding. This is mostly relevant in a setting where agent forwarding is being used, since anyone on the remote machine with access to the agent socket can potentially access unlocked identities. Enabling confirmation prompts mitigates this risk significantly, since the user can deny any unexpected requests (and will be alerted to suspicious activity at the same time).
Note that the user does not have to enter his passphrase if the identity is still unlocked, he simply has to confirm that the authentication is allowed to take place.
This is, in my opinion, an important feature to have in an agent program, the absence of which is limiting my use of pageant significantly (i.e. I'm removing keys from pageant all the time, only adding them right before I need them and removing them immediately after).
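The behaviour the issue asks for, shown as an added example that is not part of this issue, of PuTTY or of Pageant: a small filter that sits between an untrusted client (for instance a forwarded agent socket on a remote host) and the real agent, records which keys were added with a confirm constraint, and asks the user before a sign request for such a key reaches the agent. Message and constraint numbers are the OpenSSH agent protocol values (SSH_AGENTC_SIGN_REQUEST = 13, SSH_AGENTC_ADD_ID_CONSTRAINED = 25, SSH_AGENT_CONSTRAIN_CONFIRM = 2, and so on); everything else (`ConfirmingAgentFilter`, `fake_agent`, the `ask` callback, the dummy key bytes) is an assumption made for the example. It only understands ssh-ed25519 add messages and fails closed, treating any key it did not see added as requiring confirmation, which is the edge case a filter like this must get right.

```python
# Added example, not PuTTY/Pageant code: a confirm-on-use policy filter for
# the ssh-agent protocol. Messages are raw agent messages without the 4-byte
# length prefix used on the socket.
import struct

SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_ADD_ID_CONSTRAINED = 25
SSH_AGENT_CONSTRAIN_LIFETIME = 1   # followed by uint32 seconds
SSH_AGENT_CONSTRAIN_CONFIRM = 2    # no payload; this is what ssh-add -c sets


def put_string(b):
    return struct.pack(">I", len(b)) + b


def get_string(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


class ConfirmingAgentFilter:
    """upstream: callable(request) -> reply, standing in for the real agent.
    ask: callable(public_blob, data) -> bool, the SSH_ASKPASS-style prompt."""

    def __init__(self, upstream, ask):
        self.upstream = upstream
        self.ask = ask
        self.policy = {}  # public key blob -> True if confirmation is required

    def _public_blob_from_add(self, body):
        # ssh-ed25519 add message: string type, string pub, string priv, string comment
        ktype, off = get_string(body, 0)
        if ktype != b"ssh-ed25519":
            raise ValueError("example only understands ssh-ed25519")
        pub, off = get_string(body, off)
        _priv, off = get_string(body, off)
        _comment, off = get_string(body, off)
        return put_string(ktype) + put_string(pub), off

    def _parse_constraints(self, body, off):
        confirm = False
        while off < len(body):
            ctype, off = body[off], off + 1
            if ctype == SSH_AGENT_CONSTRAIN_LIFETIME:
                off += 4
            elif ctype == SSH_AGENT_CONSTRAIN_CONFIRM:
                confirm = True
            else:
                raise ValueError("unsupported constraint %d" % ctype)  # fail closed
        return confirm

    def handle(self, msg):
        if not msg:
            return bytes([SSH_AGENT_FAILURE])
        mtype, body = msg[0], msg[1:]
        if mtype in (SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED):
            try:
                blob, off = self._public_blob_from_add(body)
                confirm = (mtype == SSH_AGENTC_ADD_ID_CONSTRAINED
                           and self._parse_constraints(body, off))
            except ValueError:
                return bytes([SSH_AGENT_FAILURE])
            reply = self.upstream(msg)
            if reply == bytes([SSH_AGENT_SUCCESS]):
                self.policy[blob] = confirm
            return reply
        if mtype == SSH_AGENTC_SIGN_REQUEST:
            try:
                blob, off = get_string(body, 0)
                data, off = get_string(body, off)
            except ValueError:
                return bytes([SSH_AGENT_FAILURE])
            # Unknown keys default to "confirm": deny unless the user says yes.
            if self.policy.get(blob, True) and not self.ask(blob, data):
                return bytes([SSH_AGENT_FAILURE])
        return self.upstream(msg)


def build_add_ed25519(pub, priv, comment, confirm):
    body = put_string(b"ssh-ed25519") + put_string(pub) + put_string(priv) + put_string(comment)
    if confirm:
        return bytes([SSH_AGENTC_ADD_ID_CONSTRAINED]) + body + bytes([SSH_AGENT_CONSTRAIN_CONFIRM])
    return bytes([SSH_AGENTC_ADD_IDENTITY]) + body


def build_sign_request(blob, data, flags=0):
    return bytes([SSH_AGENTC_SIGN_REQUEST]) + put_string(blob) + put_string(data) + struct.pack(">I", flags)


def fake_agent(msg):
    """Constructed stand-in for the real agent: accepts any add, signs anything."""
    if msg[0] in (SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED):
        return bytes([SSH_AGENT_SUCCESS])
    if msg[0] == SSH_AGENTC_SIGN_REQUEST:
        return bytes([SSH_AGENT_SIGN_RESPONSE]) + put_string(b"sig")
    return bytes([SSH_AGENT_FAILURE])


def demo(allow):
    """Add a plain key and a confirm-flagged key, then sign with each.
    allow is the simulated user's answer. Returns (plain reply, confirm reply, prompts)."""
    prompts = []

    def ask(blob, data):
        prompts.append(blob)
        return allow

    f = ConfirmingAgentFilter(fake_agent, ask)
    pub_a, priv_a = bytes(32), bytes(64)              # constructed dummy key bytes
    pub_b, priv_b = bytes([1]) * 32, bytes([1]) * 64  # not real Ed25519 keys
    f.handle(build_add_ed25519(pub_a, priv_a, b"plain", confirm=False))
    f.handle(build_add_ed25519(pub_b, priv_b, b"confirm", confirm=True))
    blob_a = put_string(b"ssh-ed25519") + put_string(pub_a)
    blob_b = put_string(b"ssh-ed25519") + put_string(pub_b)
    r_a = f.handle(build_sign_request(blob_a, b"session data"))
    r_b = f.handle(build_sign_request(blob_b, b"session data"))
    return r_a, r_b, prompts


if __name__ == "__main__":
    print(demo(allow=False))
    print(demo(allow=True))
```

With `allow=False` the plain key still signs while the confirm-flagged key gets SSH_AGENT_FAILURE and the user sees exactly one prompt; with `allow=True` both sign. A request naming a key the filter never saw added is also prompted for, so a forwarded-socket peer cannot bypass the policy by guessing a blob.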