[darcs-users] _real_ cygwin build?

John Meacham john at repetae.net
Wed Mar 4 21:18:38 UTC 2009


On Wed, Mar 04, 2009 at 10:37:58AM +0000, Tuomo Valkonen wrote:
> On 2009-03-04, Max Battcher <me at worldmaker.net> wrote:
> > Personally, I certainly believe that SSH keys and good SSH agents are
> > the way to go.
> 
> I'll agree when the agents only give up the keys based on a binary 
> signature of the requesting program, or so.

Agents never give up the keys or anything that can be used to recover
the key; they only participate actively in an authentication.

As in, to grossly simplify things, ssh connects to the server, the
server sends something for ssh to sign with your private key to verify
it's you. ssh itself can't sign it because it doesn't have your key, so
it sends it to your agent which signs it and sends the signed version
back which is then used for authentication. As you can see, your keys
are never revealed. If someone captures your agent the worst they can do
is use it to connect to hosts while they have active control over it,
they can't learn anything that will help them offline. Also, since they
need to communicate with your agent, it is easy enough to see if any
requests come through when you aren't expecting them.

Under unix at least, communication with the agent is done through a unix
domain socket, which is protected by standard unix permissions;
appropriate use of suid bits can restrict what programs can talk to it.
I am not sure whether something similar exists for Windows agents. In
any case, standard user permission checking and selective forwarding is
pretty solid.

        John


-- 
John Meacham - ⑆repetae.net⑆john⑈
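
Added example, not part of the original message: a check of the unix permissions on an agent socket, as the message describes them protecting agent communication. The function names audit_agent_socket and make_demo_socket are hypothetical, and the demo socket is a constructed stand-in, not a real agent.

```python
import os
import socket
import stat
import tempfile

OTHERS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_agent_socket(path, uid=None):
    """Return findings for an agent socket path; an empty list means OK."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a unix domain socket"]
    findings = []
    if st.st_uid != uid:
        findings.append(f"socket owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & OTHERS:
        findings.append(
            f"socket mode {stat.S_IMODE(st.st_mode):04o} allows group/other")
    # The containing directory matters too: it decides who can reach the path.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_uid != uid:
        findings.append(f"directory owned by uid {pst.st_uid}, expected {uid}")
    if pst.st_mode & OTHERS:
        findings.append(
            f"directory mode {stat.S_IMODE(pst.st_mode):04o} allows group/other")
    return findings


def make_demo_socket(directory, name="agent.sock"):
    """Bind a throwaway unix socket (constructed sample, not a real agent)."""
    path = os.path.join(directory, name)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    return srv, path


if __name__ == "__main__":
    target = os.environ.get("SSH_AUTH_SOCK")
    if target is None:  # no agent in this session: audit a constructed socket
        _srv, target = make_demo_socket(tempfile.mkdtemp())
    for line in audit_agent_socket(target) or ["no findings"]:
        print(f"{target}: {line}")
```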

