This repository was archived by the owner on Apr 19, 2024. It is now read-only.

Pageant support for key confirmation #55

Closed
@MacGyverNL

Description


Like OpenSSH's ssh-add -c option:

"Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by the SSH_ASKPASS program mentioned below. Successful confirmation is signaled by a zero exit status from the SSH_ASKPASS program, rather than text entered into the requester."

Basically, whenever a process requests authentication from pageant for an identity marked as "confirm", it should prompt the user to allow / deny the authentication before proceeding. This is mostly relevant in a setting where agent forwarding is being used, since anyone on the remote machine with access to the agent socket can potentially access unlocked identities. Enabling confirmation prompts mitigates this risk significantly, since the user can deny any unexpected requests (and will be alerted to suspicious activity at the same time).

Note that the user does not have to enter his passphrase if the identity is still unlocked, he simply has to confirm that the authentication is allowed to take place.

This is, in my opinion, an important feature to have in an agent program, the absence of which is limiting my use of pageant significantly (i.e. I'm removing keys from pageant all the time, only adding them right before I need them and removing them immediately after).
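The confirm gate requested above, sketched as an added example (not code from this repository or from OpenSSH): an agent-side handler for SSH_AGENTC_SIGN_REQUEST that asks an askpass-style callback before using a key marked "confirm". The identities table, the askpass callback and the HMAC stand-in for the signature are assumptions made so the example runs offline.

```python
import hashlib
import hmac
import struct

# Message numbers from the SSH agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def _string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at off; raise ValueError if truncated."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n


def handle_sign_request(payload, identities, askpass):
    """Return the agent's reply payload for one request payload.

    identities: key blob -> {"confirm": bool, "secret": bytes} (constructed model).
    askpass: callable(prompt) -> exit status; 0 means the user allowed the use.
    """
    failure = bytes([SSH_AGENT_FAILURE])
    try:
        if not payload or payload[0] != SSH_AGENTC_SIGN_REQUEST:
            return failure
        key_blob, off = _read_string(payload, 1)
        data, off = _read_string(payload, off)  # trailing uint32 flags ignored
    except ValueError:
        return failure
    ident = identities.get(key_blob)
    if ident is None:
        return failure
    # The confirm gate: the key is already unlocked, so only allow/deny is asked.
    if ident["confirm"] and askpass("Allow use of key %s?" % key_blob.hex()) != 0:
        return failure
    # Stand-in for the real signature (assumption), not an SSH signature format.
    sig = hmac.new(ident["secret"], data, hashlib.sha256).digest()
    return bytes([SSH_AGENT_SIGN_RESPONSE]) + _string(sig)
```

A denied or unanswered prompt produces the same SSH_AGENT_FAILURE reply as an unknown key, so a process on the remote end of a forwarded socket learns nothing beyond the refusal.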
