1. 13

  2. 13

    Nowadays, there is the simpler `ProxyJump`. Also, you can use `ssh-agent ssh -o AddKeysToAgent=confirm -o ForwardAgent=yes login@somehost` to confirm each use of the key by the agent. See https://vincent.bernat.ch/en/blog/2020-safer-ssh-agent-forwarding for details on this last one.

    1. 4

      Definitely good to raise awareness of the vulnerabilities of ssh-agent, although I will say that the solution proposed in the article is pretty inefficient, and doesn’t prevent rogue processes on your own machine from accessing the local agent socket.

      The canonical solution to this problem, which is mentioned but discounted in the “Update” section, is to either use `ssh-add -c`, or `AddKeysToAgent confirm` in your `ssh_config`.
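
The options named in this thread, laid out as an `ssh_config` fragment. This is an added example, not part of either comment; the host aliases and the `example.com` names are constructed placeholders, while `login` and `somehost` are taken from the command quoted above.

```sshconfig
# Constructed example: bastion.example.com and internal.example.com are placeholders.

# Weak: the agent socket is exposed on the bastion for the life of the session.
# Any process there that can read the socket (root, or the same user) can ask
# the agent to sign with every key it holds.
Host bastion-forwarding
    HostName bastion.example.com
    User login
    ForwardAgent yes

# ProxyJump: the connection to the internal host is tunnelled through the
# bastion, but authentication runs end to end from the local machine.
# No agent socket is created on the bastion.
Host internal
    HostName internal.example.com
    User login
    ProxyJump login@bastion.example.com

# Forwarding that is genuinely needed (for example, to use the key from
# the remote side): keys that ssh adds to the agent are added in confirm
# mode, as if by "ssh-add -c", so each signature request raises a prompt.
Host somehost
    User login
    ForwardAgent yes
    AddKeysToAgent confirm

# Default for everything else: never forward the agent.
Host *
    ForwardAgent no
```

`AddKeysToAgent confirm` only covers keys that `ssh` itself loads from a file and adds to the agent; a key added earlier with plain `ssh-add` is used without a prompt, which is why the quoted command starts a fresh `ssh-agent`. The confirmation prompt is shown by an askpass program, so one must be installed on the local machine.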